This is a static archive of our old Q&A Site. Please post any new questions and answers at

unknown destination


hi, I have started using wireshark only recently and I have noticed something weird, every time I filter packages by "http" I see that my pc sends the first request to an IP address, which I know belongs to my university and the host is my university's website, although I don't browse to the university's website,and actually I have graduated from that university and moved to a different country, but my laptop was provided by the university when I started there. So could you please explain why does this happen? see the screenshotalt text

asked 21 Jan '17, 15:34

VP7777's gravatar image

accept rate: 0%

One Answer:


Hi, probably, some software is still installed on your laptop and is called from autorun.This piece of software can perform automatic connection attempts. It doesn't neccessarily have to be web browser.

There is 'Perfigo SEC' mentioned in useragent field. Quick searching tells us that could be 'Cisco Clean Access Agent' software.

You can investigate it further using Sysinternals toolset. TCPView and Procmon utilities can give you process name, and Autoruns utility can show where is it called from.

Also, next time try to anonymize your screenshot better:) Check 'Full request URI' field - your university's hostname is visible from there too.

answered 22 Jan '17, 04:05

Packet_vlad's gravatar image

accept rate: 20%

edited 22 Jan '17, 04:07

thanks for the quick reply, I also think it's cisco

yea, I knew about that hostname for the uni is there) simple google search of the ip would reveal the name so didn't make sense to cut it out, besides not really that big of a secret thanks again

(23 Jan '17, 01:39) VP7777

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(23 Jan '17, 02:14) Jaap ♦

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(23 Jan '17, 02:15) Jaap ♦