Hi I'm new to using wireshark. I'm trying to do a lab for school in which I inspect the packets from accessing a simple web file. When I do that I get a bunch of random packets from a bunch of different ip addresses including my school(which doesn't make sense because I'm at home) random servers, and other devices on my local network. My friend who is also working with me on the lab is not getting these random packets. Why is this happening? asked 18 Sep '16, 14:30  GP2 |
One Answer:
These packets are not "random". On top of your browser downloading the web page, there are other applications and processes in your PC, some of which are network applications and thus talk to their relevant servers. Besides, some browsers tend to update links in cache. So if you were visiting your school's web page in the past (or you even have it open in another browser tab although you are not currently watching it), this could be an explanation why your school's IP appears in your packet list. answered 19 Sep '16, 01:32  sindy |
thanks for the response. I can see why that would cause those packets to appear. Do you know what processes would cause these packets to appear? As I said, my friend, who was working on the lab with me and connected to the same network as me did not have these packets show up. Also these packets did not show up for me when I was at school.
No, I don't - these may be application auto-update processes, Windows 10 calling home (which they do almost continuously), ...
But the good news is that you don't need to care about them to fulfil your assignment. Use a display filter to make Wireshark show you only packets to/from the IP address of the web server from which you are downloading that "simple web file". This is what Wireshark users routinely do, and if you ask your teacher, he is likely to tell you that this was part of the exercise goal.