Hi everyone, I'm very new to this whole packet analyzing thing and I would really appreciate any help you guys can offer. The other day I started capturing packets on our wifi network and When I looked at the captured packets later, everything seemed normal except for several HTTP requests from (and to) my computer's IP to a specific website which I didn't visit during the capture. The last time I had visited that website was more than a month before the capture. Moreover, there were several HTTP and TCP packets from different pages on that website, as if someone was browsing through it. When I saw these packets I doubled check my browser's history(chrome) and my browser's history confirms that the last visit to anything related to this website was more than a month ago. This seems very wired specially that I can't see any other visits to other websites from my chrome's history. Also, this is a very sensitive governmental website. I tried to run this filter "arp.duplicate-address-frame" on the capture to see if someone was spoofing my ip or anything like that but no results came up. Does anyone know what might be going on here? Thanks in advance asked 29 Aug '16, 16:54  truthWins |
One Answer:
Browser background processing, most likely. They like to keep their caches/history updated, so that when you revisit them (statistically likely, since you've been there before) they can show you the site/page quicker. answered 30 Aug '16, 02:45  Jaap ♦ |
