When I do a scan on Wireshark. The protocol Memcache comes up at least 100 times every second. Only responding and coming from my PC, none other on the network.
Also noticing (my computer only) that a lot of TCP protocols. lots, There are over 270,000 Protocols within 10 minutes, mostly belonging to TCP and Memcache.
Any help to what this could be would be appreciated, I think that this is the reason my network may be slower than it should be.
I should also add, some of the TCP repeatedly go to a verizon website, I never wen't with Verizon before, nobody in the household has either. possibly a virus?
asked 09 Sep '13, 21:46
edited 09 Sep '13, 21:48
Looks like BitTorrent traffic to me. Check your bittorrent client to see if it is running while you're capturing data, and if it uses UDP port 11211 as its data port. I guess Wireshark gets confused because it thinks that UDP 11211 is MEMCACHE while it isn't. It's just a coincidence that the other protocol (I guess BitTorrent) is set to use that port. If you want to continue capturing while using that port for protocols other than MEMCACHE you might want to change the port setting of the MEMCACHE protocol decoder in the preferences, or disable it completely (Analyze -> Enabled Protocols -> uncheck "MEMCACHE").
Regarding the 270,000 protocols in 10 minutes - this is just an interpretation error. Clients use ephemeral ports for communicating with servers, and Wireshark labels them according to the services file. So the client ports get funny protocol labels most of the time even though it is not using the protocol at all. You might want to disable the "resolve transport names" option in the name resolution settings of your preferences to avoid further confusion.
answered 16 Oct '13, 22:17
edited 16 Oct '13, 22:19