Wireshark – Unexpected Network Packets Without Any Active Internet Users?

Hello friends,

I’m new to Kali Linux and recently started exploring the pre-installed tools to master them one by one. I have a decent understanding of how the internet works — including networking basics, how protocols function, and I can read protocol packets fairly well in Wireshark.

Here’s my confusion:

There’s no other active internet user on my network except me, yet when I start capturing packets in Wireshark, I still see various IP requests and conversations — things like HTTP, TCP, DHCP, and ARP traffic.

Where are these packets coming from if I’m the only one connected?

Is there any way to find out the source of these background packets or traffic within Wireshark?

Thanks in advance!

Wireshark will tell you the source and destination IP address of each packet; you will be surprised how ‘chatty’ your own device is in the background…

You asked Wireshark to use your adapter to capture packets, so you’re seeing the packets going to and from your own adapter… (and in promiscuous mode you will also see packets your router sends and receives, etc.)

If you use nmap on your own network, you will often find several ports open on a router, and the same on your own device typically.

The source and destination of the transmission are in the IP packet.

A typical Internet user who uses fiber optic cable and has a router at home also has a phone that automatically connects to his home WiFi when he is at home. In addition, he also has a TV of some sort. Smart TV, with built-in OS, with built-in Netflix and Internet which can be accessed on large screen. Besides, he may have IoT devices, e.g. refrigerator, light bulbs, power on/off switches, smartwatch, etc. Probably also some tablets.

Everything that is around you during the first start tries to trick you into your WiFi by asking for your password. Some of them can’t be started at all if you don’t give it access to the Internet.

When you do a full scan of your local network you will find out what device manufacturers are in it.

e.g.
ifconfig
or
ip addr
shows you that your computer has 192.168.0.100
and a mask of 255.255.255.0 (aka /24)

Then
nmap -Pn 192.168.0.1/24
will force an update of the ARP table.

And then you do
arp
The MAC addresses of these devices will be displayed.

Using the command
macchanger --list
a list of equipment manufacturers (the prefix in the MAC address) will appear.

Based on this, you can find out whether a given device was manufactured by Apple, Google, Huawei, etc.

aircrack-ng has an equivalent of this built in.
Use
airodump-ng --manufacturer
and the MAC address of each WiFi device is decoded and printed in the right column.

Ethernet frames have built-in source and destination MAC addresses, unlike IPv4 packet frames.
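The steps above (sweep the subnet, read the ARP table, look up the OUI prefix of each MAC) and the point that MAC addresses live in the Ethernet header rather than the IP packet can be shown in one place. The following Python script is an added example and is not code from this thread or from Wireshark, nmap or macchanger: it decodes raw Ethernet/ARP frames the way Wireshark does and builds a host inventory from them. The frames, the 192.168.0.0/24 addresses and the two-entry OUI table are constructed for the example (the 02: prefixes are locally administered addresses, not real vendors); the real tools use the IEEE OUI list.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806

# Constructed OUI (first three bytes of the MAC) table for this example only.
# macchanger --list and airodump-ng --manufacturer ship the real IEEE list.
OUI_VENDORS = {
    "02:0a:01": "ExampleVendor-A (constructed)",
    "02:0b:02": "ExampleVendor-B (constructed)",
}


def mac_to_str(raw: bytes) -> str:
    """Render 6 raw bytes in the colon form Wireshark and arp display."""
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def parse_ethernet(frame: bytes):
    """Split a frame into (dst MAC, src MAC, EtherType, payload).
    The MACs sit in the 14-byte Ethernet header, not in the IP packet."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_to_str(dst), mac_to_str(src), ethertype, frame[14:]


def parse_arp(payload: bytes) -> dict:
    """Decode a 28-byte Ethernet/IPv4 ARP packet (RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("payload too short for an ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": {1: "request", 2: "reply"}.get(oper, f"op{oper}"),
        "sender_mac": mac_to_str(sha), "sender_ip": ip_to_str(spa),
        "target_mac": mac_to_str(tha), "target_ip": ip_to_str(tpa),
    }


def vendor_for(mac: str) -> str:
    """OUI lookup on the first three bytes, as macchanger --list does."""
    return OUI_VENDORS.get(mac[:8].lower(), "unknown OUI")


def inventory(frames) -> dict:
    """Map IP -> (MAC, vendor) from the sender fields of every ARP packet.
    Requests and replies both carry the sender's own MAC/IP pair, which is
    what `arp` shows after an nmap sweep made the hosts answer. Non-ARP
    frames (e.g. IPv4) are skipped."""
    seen = {}
    for frame in frames:
        _dst, _src, ethertype, payload = parse_ethernet(frame)
        if ethertype != ETHERTYPE_ARP:
            continue
        arp = parse_arp(payload)
        seen[arp["sender_ip"]] = (arp["sender_mac"], vendor_for(arp["sender_mac"]))
    return seen


def build_arp_frame(dst_mac, src_mac, oper, sender_mac, sender_ip,
                    target_mac, target_ip) -> bytes:
    """Assemble a frame so the sample capture can be constructed offline."""
    eth = struct.pack("!6s6sH", mac_to_bytes(dst_mac), mac_to_bytes(src_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, oper,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                      mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + arp


# Constructed sample capture on the 192.168.0.0/24 network from the post.
ME, ROUTER, PHONE = "02:0a:01:00:00:64", "02:0b:02:00:00:01", "02:0c:03:00:00:39"
BROADCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLE_FRAMES = [
    build_arp_frame(BROADCAST, ME, 1, ME, "192.168.0.100", ZERO, "192.168.0.1"),
    build_arp_frame(ME, ROUTER, 2, ROUTER, "192.168.0.1", ME, "192.168.0.100"),
    build_arp_frame(BROADCAST, PHONE, 1, PHONE, "192.168.0.57", ZERO, "192.168.0.1"),
    # An IPv4 frame (EtherType 0x0800) with a dummy 20-byte header: skipped.
    struct.pack("!6s6sH", mac_to_bytes(ROUTER), mac_to_bytes(ME), ETHERTYPE_IPV4)
    + b"\x45" + b"\x00" * 19,
]

if __name__ == "__main__":
    for ip, (mac, vendor) in sorted(inventory(SAMPLE_FRAMES).items()):
        print(f"{ip:<15} {mac}  {vendor}")
```

Run it as-is to see the three hosts with their vendors; the third one (the "phone") has an OUI that is not in the table, so it comes out as "unknown OUI", which is also what the real tools print for prefixes missing from their list. Feeding it real frames means reading them from a pcap you captured on your own network; that part is left out to keep the script offline.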

So basically you’re saying that these mysterious packets are coming from other connected devices? Although yep, I actually did find many HTTP packets of my own conversation within my network. Thank you friends for clearing up my doubt. By the way, I want to know the next thing: when a specific device is shut off, e.g. my laptop or phone, is the device still connected to my home WiFi and still sending data packets?

If your worry is that your laptop is talking while shut down, you have to sniff the network from another device while it’s shut down.

If you want to stop/know/confirm every single thing your system does outward, you can use a firewall like opensnitch, deny everything and then start opening up things as you go (it will pop up when something is not allowed, tell you what application it is and what it is trying to reach, and you can accept/deny or make rules that allow it in the future).

It’s not for the faint of heart though, since your system does a lot of things you probably don’t even think about, but for “tinfoil hat wearers” (like me xD) it’s a really neat tool once you’ve got it set up with proper rules.
You should really read their wiki before installing so you have a hunch of what you are getting yourself into.

It’s in the apt repo, so you can install it from right there, unless you want the absolute latest release; then you have to follow their instructions (but keep in mind apt will not update it for you then; I would just go for the apt version).