Log in or Sign up

Odd traffic in Wireshark

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tomandlu, Mar 26, 2012.

tomandlu Private E-2

Hi,

I'm seeing a lot of entries like:

136
67.142317
192.168.2.3
157.55.56.150
TCP
58
mysql-cluster > 40044 [PSH, ACK] Seq=9 Ack=40 Win=16893 Len=4

in wireshark. Some are incoming, some are outgoing. I do run mysql on my machine, but I've no idea whether that's my mysql instance or one at 157.55.56.150 - and I've no idea why I'm talking to them in the first place... should I be worried?

tomandlu, Mar 26, 2012

#1
thisisu Malware Consultant

Hi and welcome to Major Geeks, tomandlu!

If you suspect this is malware related, you should go read and follow the instructions in this thread: READ & RUN ME FIRST Malware Removal Guide

Otherwise, you would be better off posting in the Networking or Software forum.

thisisu, Mar 26, 2012

#2

(You must log in or sign up to reply here.)

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds

Search