On Thu, May 16, 2013 at 1:11 AM, Paul graf <pj.world at hotmail.com> wrote: > -Erik I have installed wireshark and I see alot of outbound traffic now on > this Linux Mint 13 based computer. What can I be looking for as far as a > leak here? Well, now you can see that packets *are* indeed being sent out by this system. Wireshark will list the destination IP address for each packet, along with the destination port and protocol if it can determine that. In order to determine what the nature of this traffic is, you'll need to take this information and do some research. Run a `whois` on the destination IP, which will return the owner of that netblock. This may give you an idea as to the nature of the traffic. Also, if the traffic is unencrypted, you can look at the packet contents and see exactly what's going on - for instance, for cleartext HTTP, you could see HTTP requests and the subsequent reply. I believe that, by default, wireshark will not capture entire packets, though you can configure it to do so. Learning how to interpret packet captures is not an easy thing to do, but don't get yourself in a hurry. Start looking through the data, and when you see something that you don't understand, go research it and see what you can figure out. -Erik -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20130516/29968f9c/attachment.html>