I'm trying to track down a hacker that has accessed my network & devices and been harassing me. But to be honest I have no idea what I'm doing when it comes to reading the logs I've been collecting. On my laptop I've been using Wireshark to track network connections and various apps to track them on my Android. So my question is, how do I know what IP addresses are supposed to be there and which may be an intruder's?
Also, what piece of info (local/foreign/remote IP, MAC, hostname, DNS) is the one that will provide me with the most information if researched properly? & where is the best place with the tools to research said information?
--- IP (wlan0) 2601:646:8401:8da5:4094:c8
--- IP (wlan0) fe80::ae5f:3eff:fe94:c5de%
--- IP (wlan0) 2601:646:8401:8da5:ae5f:3e
--- IP (wlan0) 10.0.0.76
--- IP (dummy0) fe80::60c8:29ff:fed3:28d6%
--- IP (rmnet_data1) fe80::3b78:5417:a71f:44fb%
--- IP (rmnet_data1) 2607:fb90:a4ed:e36e:0:14:9
--- Connection: WIFI
Dig for 52.17.162.111
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2920
;; flags: qr rd ra ad ; qd: 1 an: 0 au: 4 ad: 1
;; QUESTIONS:
;; 52.17.162.111., type = A, class = IN
;; ANSWERS:
;; AUTHORITY RECORDS:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016101800 1800 900 604800 86400
. 10800 IN RRSIG SOA 8 0 86400 20161031050000 20161018040000 39291 . dsUOdeHZ+npC/8RradQc4xReQR
. 10800 IN NSEC aaa. NS SOA RRSIG NSEC DNSKEY
. 10800 IN RRSIG NSEC 8 0 86400 20161031050000 20161018040000 39291 . JlntYvem2HL3mJd2lDrgIBdDgS
;; ADDITIONAL RECORDS:
. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768
;; Message size: 714 bytes
Query time: 240 ms
DNS server: 2001:558:feed::1, port 53, UDP
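Added example (not part of the original post): a Python sketch that sorts addresses like those listed above by scope, recovers the MAC embedded in an EUI-64 IPv6 address, and builds the PTR name a reverse lookup needs, since an A query for an IP literal, as in the dig output, returns NXDOMAIN. The function names `describe` and `eui64_mac` are hypothetical; entries the app cut off are reported as unparseable rather than completed.

```python
import ipaddress

# Addresses copied from the post as displayed; some were cut off by the app.
SAMPLE = [
    "2601:646:8401:8da5:4094:c8",   # truncated in the post
    "fe80::ae5f:3eff:fe94:c5de%",   # zone suffix with the interface name missing
    "10.0.0.76",
    "fe80::60c8:29ff:fed3:28d6%",
    "52.17.162.111",
]

def eui64_mac(addr):
    """Return the MAC embedded in an EUI-64 interface ID, or None if absent."""
    iid = addr.packed[8:]                 # low 64 bits of the IPv6 address
    if iid[3:5] != b"\xff\xfe":           # EUI-64 inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def describe(text):
    """Classify one address string by scope and derive lookup helpers."""
    host = text.split("%", 1)[0]          # drop the zone/interface suffix
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return {"input": text, "scope": "unparseable (truncated?)"}
    if addr.is_link_local:                # fe80::/10, never leaves the local link
        scope = "link-local"
    elif addr.is_private:                 # e.g. 10.0.0.0/8, assigned by the router
        scope = "private"
    elif addr.is_global:                  # routable; worth a PTR/WHOIS lookup
        scope = "global"
    else:
        scope = "other"
    info = {"input": text, "scope": scope, "ptr_name": addr.reverse_pointer}
    if addr.version == 6:
        info["embedded_mac"] = eui64_mac(addr)
    return info

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe(entry))
```

A link-local or private address belongs to a device on the local network, and an embedded MAC that matches one of your own interfaces identifies the address as your own device's.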