babaokesola
Posts: 1
Joined: Mon Dec 04, 2023 10:37 pm

Wireshark Help -Person Remoting into PC -also deleting wireshark packets

Mon Dec 04, 2023 10:48 pm

Hello Community,
I am writing you today to ask for your help and expertise. I have someone for a fact remoting into my computer, moving around my mouse, pausing my videos, accessing my camera, closing applications and blackscreening me. I have downloaded and read up on Wireshark books about packet analysis and network security to gain identifying information to provide to the police. I believe I was close to gaining their information when they started attacking Wireshark. In the video provided the packet count is to the bottom right. Is there any scenario where the packet count is constantly resetting back to zero? On average when I start Wireshark for the past year I would start out with thousands of packets, maybe 20,000, whenever I begin the packet sniffing, but as I've been studying and trying to get their information since they refuse to stop remoting into my PC, my packet count is resetting. It's now just hanging around the 400-500 region unless I do something like download a file. I have a noticeably slower internet speed. Netflix and YouTube take a long time to buffer where they usually were instantaneous, even video previews and icons take longer and I am greeted with black screens before videos even play. I need this harassment to stop and to provide identifying information to the police. How can I show that someone is resetting my packets in attempts to hide their identity and evade detection on my network? Is there another way to catch this act occurring, as I know to remote into someone's network will leave a trail of communication no matter how they try to hide it.

memjr
Posts: 3655
Joined: Fri Aug 21, 2020 5:59 pm

Re: Wireshark Help -Person Remoting into PC -also deleting wireshark packets

Mon Dec 04, 2023 11:53 pm


Start by changing all the passwords in that machine and turning off remote access.

ame
Posts: 8745
Joined: Sat Aug 18, 2012 1:21 am
Location: New Zealand

Re: Wireshark Help -Person Remoting into PC -also deleting wireshark packets

Tue Dec 05, 2023 12:23 am

You are seriously out of luck. Presumably we are talking about a Pi here?

If it's a Pi you can get a new SD card, load a fresh copy of the OS from a trusted source, set a secure password, then use it for your network forensics.

Unfortunately the police will not be interested that some script-kiddie or the NSA has infiltrated your network. Nor will you be able to find who is doing this, or where they are.

If you have been hacked in this way, shut off your network connection, shut down all of your machines. Reformat and reinstall the OS on each machine you have, then restore the user files from backup. It's possible that any device on your network is being used as a stepping stone to other devices, so you have to deal with them all.
Oh no, not again.

foxsquirrel
Posts: 127
Joined: Thu Dec 30, 2021 2:56 pm

Re: Wireshark Help -Person Remoting into PC -also deleting wireshark packets

Tue Dec 05, 2023 1:49 am

babaokesola wrote:
Mon Dec 04, 2023 10:48 pm
Is there another way to catch this act occurring, as I know to remote into someone's network will leave a trail of communication no matter how they try to hide it.
Yes, but no one is going to publicly post it.
What OS are you running?

ejolson
Posts: 12171
Joined: Tue Mar 18, 2014 11:47 am

Re: Wireshark Help -Person Remoting into PC -also deleting wireshark packets

Tue Dec 05, 2023 2:30 am

foxsquirrel wrote:
Tue Dec 05, 2023 1:49 am
babaokesola wrote:
Mon Dec 04, 2023 10:48 pm
Is there another way to catch this act occurring, as I know to remote into someone's network will leave a trail of communication no matter how they try to hide it.
Yes, but no one is going to publicly post it.
What OS are you running?
The type of forensics and attribution you seek is very difficult for experts.

To monitor traffic one could place a firewall between the Pi and the rest of the Internet. One could temporarily make such a firewall using an extra Pi and a USB ethernet dongle.

The hardware would then look like

infected      firewall      upstream
honeypot <--> appliance <--> router
Note that monitoring an obvious intrusion is dangerous because spy agencies and criminals can work in teams where one group provides an obvious distraction while the focus is a separate group using completely different techniques to steal or alter the data.
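
The inline appliance in the diagram above sees every packet to and from the monitored machine, so a capture taken there can be checked for who opens connections to remote-access services. The following is an added example, not part of any post in this thread: it parses constructed `tcpdump -nn -tt` text lines, and the monitored address 192.168.50.2, the port list and the function names are assumptions.

```python
import re
from collections import Counter

# Assumed address of the monitored machine behind the appliance (hypothetical).
MONITORED = "192.168.50.2"
# Well-known remote-access services: SSH, RDP, VNC.
REMOTE_ACCESS_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

# Matches IPv4 TCP lines as printed by `tcpdump -nn -tt`.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def connection_attempts(lines, monitored=MONITORED):
    """Count TCP connection openings (SYN without ACK) by direction and peer."""
    attempts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["flags"] != "S":  # "S." is the SYN-ACK reply, not an opening
            continue
        if m["dst"] == monitored:
            key = ("inbound", m["src"], int(m["dport"]))
        elif m["src"] == monitored:
            key = ("outbound", m["dst"], int(m["dport"]))
        else:
            continue
        attempts[key] += 1
    return attempts

def remote_access_findings(attempts):
    """Keep only attempts whose destination port is a remote-access service."""
    return sorted(
        (direction, peer, REMOTE_ACCESS_PORTS[port], count)
        for (direction, peer, port), count in attempts.items()
        if port in REMOTE_ACCESS_PORTS
    )

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
1701730000.100000 IP 192.168.50.2.49152 > 198.51.100.20.443: Flags [S], seq 1, win 64240, length 0
1701730000.150000 IP 198.51.100.20.443 > 192.168.50.2.49152: Flags [S.], seq 9, ack 2, win 65535, length 0
1701730001.000000 IP 203.0.113.7.51514 > 192.168.50.2.5900: Flags [S], seq 5, win 64240, length 0
1701730002.000000 IP 203.0.113.7.51515 > 192.168.50.2.5900: Flags [S], seq 7, win 64240, length 0
1701730003.000000 IP 203.0.113.7.40000 > 192.168.50.2.3389: Flags [S], seq 3, win 64240, length 0
1701730004.000000 IP 192.168.50.2.40212 > 192.168.50.1.53: 12345+ A? example.com. (29)
""".splitlines()

if __name__ == "__main__":
    print(remote_access_findings(connection_attempts(SAMPLE)))
```
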
