This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why am I getting random packets

0

Hi I'm new to using wireshark. I'm trying to do a lab for school in which I inspect the packets from accessing a simple web file. When I do that I get a bunch of random packets from a bunch of different ip addresses including my school(which doesn't make sense because I'm at home) random servers, and other devices on my local network. My friend who is also working with me on the lab is not getting these random packets. Why is this happening?

asked 18 Sep '16, 14:30

GP2's gravatar image

GP2
6113
accept rate: 0%


One Answer:

1

These packets are not "random". On top of your browser downloading the web page, there are other applications and processes in your PC, some of which are network applications and thus talk to their relevant servers. Besides, some browsers tend to update links in cache. So if you were visiting your school's web page in the past (or you even have it open in another browser tab although you are not currently watching it), this could be an explanation why your school's IP appears in your packet list.

answered 19 Sep '16, 01:32

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

thanks for the response. I can see why that would cause those packets to appear. Do you know what processes would cause these packets to appear? As I said, my friend, who was working on the lab with me and connected to the same network as me did not have these packets show up. Also these packets did not show up for me when I was at school.

(19 Sep '16, 07:54) GP2

Do you know what processes would cause these packets to appear?

No, I don't - these may be application auto-update processes, Windows 10 calling home (which they do almost continuously), ...

But the good news is that you don't need to care about them to fulfil your assignment. Use a display filter to make Wireshark show you only packets to/from the IP address of the web server from which you are downloading that "simple web file". This is what Wireshark users routinely do, and if you ask your teacher, he is likely to tell you that this was part of the exercise goal.

(19 Sep '16, 08:16) sindy