
Can someone analyse a wireshark Network Protocol file for me?

Melody Scott
Hi, I ran this Wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in CSV and in pcapng format. (I've changed the latter to a .txt extension to upload it.)

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know; this is way over my head.
packet-dissection.csv
packets---Copy.txt
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You should have a screen that shows you rows of IP addresses, source and destination. That gives you the clue about where the packets are coming from and going to.

Since many (most) packets are encrypted (https and email) it is difficult to look at packets.

I am looking at packets with CommView (TamoSoft), and it attempts to decode the packets and provide information that can be of use.
Commented:
Looks pretty normal, like any capture on any PC would be for that amount of time.

Author

Commented:
OK, thanks. Should I do a longer capture? I did see quite a few red lines and wasn't sure if that was cause for alarm.
JohnBusiness Consultant (Owner)

Commented:
Do that and check Source and Destination IP addresses.

Commented:
Wireshark is not aware of malware or weird network activity. Its function is purely to present the raw network data to you. Red lines are invalid packets or other protocol errors at the TCP/UDP level. This happens during normal operation (some software trying to connect to a non-existent server, etc.), and even during connected sessions (re-ACK packets, etc.).
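The two checks suggested in this thread (look at where packets are coming from and going to, and treat red lines as TCP-level errors rather than malware) can be done over the CSV export the asker already has. The script below is an added example, not from the thread or from Wireshark; it assumes the default column layout of File > Export Packet Dissections > As CSV (No., Time, Source, Destination, Protocol, Length, Info) and uses a small constructed capture so it runs offline.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows in the assumed Wireshark CSV export layout.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.10","142.250.72.14","TCP","74","50000 > 443 [SYN] Seq=0 Win=64240 Len=0"
"2","0.020000","142.250.72.14","192.168.1.10","TCP","74","443 > 50000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0"
"3","0.020100","192.168.1.10","142.250.72.14","TLSv1.2","583","Client Hello"
"4","1.000000","192.168.1.10","10.0.0.99","TCP","74","50001 > 8080 [SYN] Seq=0 Win=64240 Len=0"
"5","2.000000","192.168.1.10","10.0.0.99","TCP","74","[TCP Retransmission] 50001 > 8080 [SYN] Seq=0 Win=64240 Len=0"
"6","2.500000","10.0.0.99","192.168.1.10","TCP","60","8080 > 50001 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"7","3.000000","192.168.1.10","192.168.1.1","DNS","75","Standard query 0x1234 A example.com"
"8","3.010000","192.168.1.1","192.168.1.10","DNS","91","Standard query response 0x1234 A example.com A 93.184.216.34"
'''

# Markers Wireshark puts in the Info column for packets its default
# "Bad TCP" colouring rule paints red/black: retransmissions, resets, etc.
ERROR_MARKERS = ("[TCP Retransmission]", "[TCP Spurious Retransmission]",
                 "[TCP Out-Of-Order]", "[TCP Dup ACK", "[RST")


def summarize(csv_text):
    """Count packets per (source, destination) pair, and how many of
    each pair's packets carry one of the TCP error markers."""
    conversations = Counter()
    errors = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Source"], row["Destination"])
        conversations[key] += 1
        if any(marker in row["Info"] for marker in ERROR_MARKERS):
            errors[key] += 1
    return conversations, errors


def external_peers(csv_text):
    """Public (non-private) addresses seen as source or destination,
    most active first: the 'where is traffic going' check."""
    conversations, _ = summarize(csv_text)
    peers = Counter()
    for (src, dst), n in conversations.items():
        for addr in (src, dst):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # non-IP source/destination (e.g. MAC on ARP rows)
            if ip.is_global:
                peers[addr] += n
    return peers.most_common()


if __name__ == "__main__":
    conversations, errors = summarize(SAMPLE_CSV)
    print("external peers:", external_peers(SAMPLE_CSV))
    for pair, n in errors.items():
        print(f"{pair[0]} -> {pair[1]}: {n} of {conversations[pair]} packets flagged")
```

Red-flagged packets are reported per conversation so a burst of retransmissions or resets toward one host stands out from the scattered errors normal traffic produces; the external-peer list is what to look up if an address is unfamiliar.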
JohnBusiness Consultant (Owner)

Commented:
No packet sniffer sees malware. Just the packets that go back and forth as shown above.

Author

Commented:
Thanks, I think it sounds like I'm ok.