This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Forced to join a network

0

Hi everybody, I'm new here and I'm a Wireshark layman. Wireshark was running on my computer, because I wanted to check, whether my computer perhaps is getting hacked. I've done the following steps one after another several times:

1) Starting a capture with Wireshark (promiscouos) 2) After starting the capture I've switched on my router

And the result was always the same: Immediately after switching on the router there was started a routine, which has to do with the IP 169.254.242.58. I myself are not able to find out, how to stop that, or which program is the trigger of that and of course I'd like to know, if that is maybe the preperation for a man-in-the-middle-attack. In my Wireshark capture was also a query as follows: "A request for all records the server/cache has available (255)" I also have installed the Comodo-Browser, because it can give warnings, if there are attacks like man-in-the-middle, and anyway Comodo gave to me the hint "joined to network 169.254.242.58/16" (!) and it gave to me a warning, that there could be an attack. There also have been more troubles: If I wanted to visit Google, there was the Comodo hint, that there is something wrong with the Google certificate and furthermore "https" was crossed out.

This is my first post in this forum here. I want to know the way to stop to be forced to a network, although today that hint didn‘t appear again. Neither Comodo has blocked that, because of a sandbox, or that 169.254.242.58 network isn‘t running today. Thank you very much in advance for help and tips.

asked 27 Dec '16, 10:28

R53's gravatar image

R53
6112
accept rate: 0%


One Answer:

0

I think you're getting confused.

An address in the 169.254.0.0/16 block (which 169.254.242.58 is), is known as an IPv4 APIPA or link-local address, and is automatically assigned by Windows to an interface if that interface is configured for DHCP and is unable to contact a DHCP server.

This happens in your tests as the router is off, normally in a home network the router acts as a DHCP server.

answered 27 Dec '16, 16:36

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%