On Wireshark, in Protocol Hierarchy Statistics, under TCP it says "Data" and only "Data", and also under UDP it says it's nearly up to 10% in packages and bytes. What is this and why is it there? Please help, any help will be much appreciated.

asked 17 Nov '15, 11:25 by jakejd
One Answer:
It is there because the payload of the corresponding TCP or UDP packets could not be identified more exactly. Normally, below TCP, you find lines like "Hypertext Transfer Protocol", "Secure Sockets Layer" and alike. The reasons may be

answered 17 Nov '15, 12:07 by sindy, edited 17 Nov '15, 13:14
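The same statistic is available from the command line as `tshark -q -z io,phs`, which prints the hierarchy as an indented tree. The following parser, added here as an example and not part of the original thread, reads that tree and reports what share of each transport's frames and bytes Wireshark could only label "data" (the sample tree is constructed, and the `proto  frames:N bytes:M` layout is assumed to match tshark's text output):

```python
"""Parse the tree printed by `tshark -q -z io,phs` and report the share of
TCP/UDP frames and bytes that Wireshark could only dissect as plain 'data'."""
import re

# Constructed sample in the layout tshark prints (two spaces per level).
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
Filter:

eth                                      frames:1000 bytes:600000
  ip                                     frames:990 bytes:596000
    tcp                                  frames:800 bytes:500000
      http                               frames:300 bytes:250000
      ssl                                frames:420 bytes:200000
      data                               frames:80 bytes:50000
    udp                                  frames:190 bytes:96000
      dns                                frames:170 bytes:86000
      data                               frames:20 bytes:10000
===================================================================
"""

LINE_RE = re.compile(r"^(?P<indent> *)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)\s*$")


def parse_phs(text):
    """Return (path, frames, bytes) rows; path is e.g. ('eth', 'ip', 'tcp', 'data')."""
    rows, stack = [], []  # stack holds the protocol names of the current ancestors
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, filter and separator lines carry no counters
        depth = len(m.group("indent")) // 2
        stack = stack[:depth] + [m.group("proto")]
        rows.append((tuple(stack), int(m.group("frames")), int(m.group("bytes"))))
    return rows


def unidentified_share(rows, transport):
    """Percent of `transport` frames and bytes whose payload is only 'data',
    summed over every place the transport appears (e.g. under ip and ipv6)."""
    totals = {path: (f, b) for path, f, b in rows}
    frames = nbytes = data_frames = data_bytes = 0
    for path, (f, b) in totals.items():
        if path[-1] == transport:
            frames, nbytes = frames + f, nbytes + b
            df, db = totals.get(path + ("data",), (0, 0))
            data_frames, data_bytes = data_frames + df, data_bytes + db
    if frames == 0:
        return None
    return (round(100.0 * data_frames / frames, 1), round(100.0 * data_bytes / nbytes, 1))
```

A share like the 10% in the question is just "payload that no dissector claimed"; the next step is to filter on `tcp.port`/`udp.port` for those streams and use "Decode As" if you know what the application is.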
Sindy, so this doesn't mean that anyone is trying to get my Mac's, idk, passwords or something? Because I searched them all and they're all private IPs. And thanks for answering.
Not enough information from your side and not enough knowledge on my side to answer this even if you would provide the capture, but maybe someone else would be able to answer if you publish the capture somewhere and post here a link to it. Please use comments instead of answers, calm down and read the site FAQ.
Oh, and I tracked an IP under "Data" and it was from Amsterdam. Why the hell would I get this IP? And another is from the organisation Cloudflare, which is a DNS security thing which I am not with, and like Amazon IPs are the source, but the destination isn't my IP, it's a private one, which is weird, and this private one pops up a lot: 192.168.0.6, this is the private IP.
And it also looks like someone is trying to DDoS attack me, because there are a lot, and I mean a lot, of packages coming in. Like, I leave Wireshark on for 1 minute and I get like 1000 packages. Or is this normal? I don't know.
If 2 and 3 are true, you may be capturing someone else's traffic under circumstances. As for the unknown IP addresses, a lot of web pages are using Amazon's cloud, a lot of web pages are using other web pages as source of advertisement banners and videos...
DDOS at 1000 packets per minute? LOL, guy, that's next to silence. DDOS are hundreds of thousands of packets per second. What other applications are running on your machine?
Yeah, but it might just be a noob trying to do it from his 1 computer, which I know won't do anything, but when it's coming in and I don't have a webpage open or anything else open that uses the internet, that's the only thing I could think of.
As said - save the capture file, place it to some publicly accessible web (like cloudshark, google drive...), and put here a link. If I can't see anything in it, someone else may.
But if your machine has a public IP address and there is no firewall device between it and the network, then yes, you are most likely under several attacks simultaneously, this is a default state. E.g., for a linux machine with default passwords and no firewall configured, the time to be hacked is not more than 20 minutes from getting connected to the 'net.