hi, I have started using wireshark only recently and I have noticed something weird, every time I filter packages by "http" I see that my pc sends the first request to an IP address, which I know belongs to my university and the host is my university's website, although I don't browse to the university's website,and actually I have graduated from that university and moved to a different country, but my laptop was provided by the university when I started there. So could you please explain why does this happen? see the screenshot
asked 21 Jan '17, 15:34
Hi, probably, some software is still installed on your laptop and is called from autorun.This piece of software can perform automatic connection attempts. It doesn't neccessarily have to be web browser.
There is 'Perfigo SEC' mentioned in useragent field. Quick searching tells us that could be 'Cisco Clean Access Agent' software.
You can investigate it further using Sysinternals toolset. TCPView and Procmon utilities can give you process name, and Autoruns utility can show where is it called from.
Also, next time try to anonymize your screenshot better:) Check 'Full request URI' field - your university's hostname is visible from there too.
answered 22 Jan '17, 04:05
edited 22 Jan '17, 04:07