Hello all,

According to the Wireshark record my computer connects to various services often, including Amazon, Hetzner, 1337 Services GmbH, Evanzo GmbH and ThomasFamilyInvestments. The most often were the connections to mail.my-mail.rocks which is a part of Netcup GmbH. I have a somewhat minimal distro and the attached recordings were made when no app was open including no browser. I can send the other screenshots showing other connections too. I’m suspecting of malware since some time ago but can you help me clarify these connections please?

  • MangoPenguin@lemmy.blahaj.zoneEnglish
    34·
    3 days ago

    Do you have any apps open in the foreground or background while doing the packet capture? Check with top or htop and make sure all your apps are truly closed.

    Amazon, Hetzner, and the others are VPS providers among other services, so seeing connections to those by apps could be fairly normal as they often check for updates or download supporting items to make the app work.

    • Clark@lemmy.mlOP
      4·
      3 days ago

      Thank you for the informations. There were nothing in the foreground but tor was apparently running in the background. But I’m still not sure if these services were all due to Tor. I need to run another record I guess

      • rumba@lemmy.zipEnglish
        3·
        2 days ago

        Yeah, * Tor. Its primary job is to make and destroy tons of connections to keep you private.

        Edit: Still getting used to FUTO keyboard. It doesn’t need me to say comma

      • eldavi@lemmy.mlEnglish
        8·
        3 days ago

        it sounds like you’ll need a better handle on what’s running on your computer.

        if this matters to you enough: you can start with pruning the systemd services that are running to remove the ones you don’t want so that you can know for certain what is supposed to be running and then run another capture to see where it’s calling out to.

      • iglou@programming.dev
        6·
        3 days ago

        Per its nature, tor is definitely going to create a lot of noise in your capture. Shut it down and try again, see if you still have so many connections.

        It is highly unlikely that you have malware that you can’t see, so if you still see them after shutting down tor, use tools that tell you which app has established connections.