I downloaded Wireshark + Process Monitor. The first is awesome, the second is a little beyond me, I think. Here's what I've got:
When does it occur? When I'm logged into Windows. It does this even though it is locked and hasn't been touched for hours.
How often does it occur? Several times a second. From the receiving computer's end, once every ten minutes or so (i.e. shortly after it unblocks the attack).
Does it match the moment you run a specific program? No, it's constant.
Are there more machines detecting similar attacks, from your machine or another one? I've had another friend mention it before in the past, and now that I'm looking at Wireshark, it's cycling through tons of IPs (all on my network).
Looking at Wireshark, there seems to be one main offender: my computer (under the name LiteonTe_(MACaddress)) is broadcasting using the ARP protocol and is asking "Who has (IP address)? Tell (my IP address)". As soon as it receives a reply with a MAC address, it moves on to another IP. How do I connect this info with Process Monitor?
I'm not sure how much is a normal amount of traffic for Wireshark and Process Monitor, but I got 10,000 local network entries and close to a million processes in half an hour. Is that usual or scary?
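
An added example (not part of the original post): a small Python check for the pattern described above, where one host sends ARP "Who has" requests for many different addresses in quick succession. The sample lines, their column layout (time, source name, info), the addresses and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample in the style of Wireshark's ARP summary: "time source info".
SAMPLE = """\
0.10 LiteonTe_00:00:01 Who has 192.168.1.2? Tell 192.168.1.50
0.12 Example_00:00:02 192.168.1.2 is at 00:00:5e:00:53:02
0.20 LiteonTe_00:00:01 Who has 192.168.1.3? Tell 192.168.1.50
0.30 LiteonTe_00:00:01 Who has 192.168.1.4? Tell 192.168.1.50
0.40 LiteonTe_00:00:01 Who has 192.168.1.5? Tell 192.168.1.50
0.50 Router_00:00:09 Who has 192.168.1.50? Tell 192.168.1.1
0.50 LiteonTe_00:00:01 Who has 192.168.1.6? Tell 192.168.1.50
0.60 LiteonTe_00:00:01 Who has 192.168.1.7? Tell 192.168.1.50
30.00 Router_00:00:09 Who has 192.168.1.20? Tell 192.168.1.1
"""

# Only ARP requests match; replies ("... is at ...") are skipped.
REQUEST = re.compile(
    r"^(?P<time>\d+(?:\.\d+)?)\s+\S+\s+"
    r"Who has (?P<target>[\d.]+)\? Tell (?P<sender>[\d.]+)$"
)

def find_arp_sweepers(lines, window=1.0, min_targets=5):
    """Return {sender IP: peak distinct targets} for senders that asked about
    at least min_targets different addresses within any `window` seconds.
    Assumes the lines are in time order, as in a capture."""
    recent = defaultdict(deque)  # sender -> (time, target) pairs still in window
    peak = defaultdict(int)      # sender -> most distinct targets seen at once
    for line in lines:
        m = REQUEST.match(line.strip())
        if not m:
            continue
        now, sender = float(m["time"]), m["sender"]
        q = recent[sender]
        q.append((now, m["target"]))
        while now - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        peak[sender] = max(peak[sender], len({target for _, target in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    for sender, count in find_arp_sweepers(SAMPLE.splitlines()).items():
        print(f"{sender} queried {count} distinct addresses within 1 second")
```

An occasional request, like the constructed router lines here, stays under the threshold; a host walking through addresses one after another does not.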