Anyone knows what kind of data is this?

protocool · November 4, 2022, 12:38pm

Hi. I decided recently to check some traffic on the WAN facing port using ssh capture and there is some HTTP traffic that I am not really sure what is the purpose of.

Screenshot 2022-11-04 142622

It looks as if my router exchanged some info with a singapore based IP with tencent domain, and this wxpic format is something I witness for the first time, seems to be data related to an image to program PIC micro-controllers.

Screenshot 2022-11-04 143730

Do you think guys this is just one of those hacking attempts, since after all my router responded with ACK and FIN afterwards indicating the end of HTTP stream? Should I be concerned about this finding ?

Borromini · November 4, 2022, 1:03pm

A tracking image from some website, most likely?

lleachii · November 4, 2022, 1:07pm

The SRC of the traffic seems to be from your network (assuming port 80 is the server at Tenecent). I assume your camera phones home or sends some other kind of data (i.e. most of those cheap consumer cameras auto-connect to the OEM's provided service).

frollic · November 4, 2022, 1:18pm

Can always do a whois on the destination IP(s).

lleachii · November 4, 2022, 1:29pm

The OP did.

frollic · November 4, 2022, 1:37pm

You're right, disregard, I guess