I've been running Wireshark for relatively short (1-4 hrs) periods since downloading it several days ago to try to isolate some unauthorized activity on my Dell (in promiscuous mode). About an hour ago my firewall (Vipre) 'active connections' showed for the first time that Wireshark has established two outgoing connections through local ports 51201 and 51020, to 18.104.22.168 which appears to be the IP of Road Runner HoldCo LLC. Is this unusual, and do I need to set up a firewall rule for Wireshark?
asked 08 May '12, 14:43
edited 08 May '12, 15:28
2.) Create a SHA1 checksum (NOT MD5!) - search google for tools - and post the checksum, including the exact version of your Wireshark installation package here.
3.) How do you know it was wireshark that openend the connections? Does your desktop firewall show wireshark.exe as the responsible process?
4.) What's the destination port (to 22.214.171.124) and what's in those packets (after all your running a sniffer ;-))
answered 08 May '12, 22:08
Kurt Knochner ♦
edited 09 May '12, 11:34