Running Wireshark on a PC for network monitoring and I noticed something strange. Application data is being exchanged with websites that are not open in the browser, or on any other device on the network over TCP.
These were not unkown addresses, but definitely were not open in the browser and shouldn't be exchanging anything over TCP at the time. Wireshark is showing that the connection was between the IP of the PC running Wireshark and these websites so I'd be able to see if the webpage was being accessed. These also seemed like small connections (if that makes sense) it wasn't the kind of data exchange I'd expect for loading a full webpage but certainly application data, but almost like the adapter on the PC was being used to "scan" for previously visited websites.
PC is connected to the network by LAN and promiscuous mode turned off.
Has the PC been infected with malware or am I just looking at some sort of cookies function? Cache update?