Constantly in wireshark creates a lot of ARP requests. Source ZyxelCom (it's like my router), Destination - Broadcast (it's like a broadcast). And went the queries Who has 192.168.1.1 Tell 192.168.1.1 Who has 192.168.1.2 Tell 192.168.1.1 ... and so on to Who has 192.168.1.254 and then the new. Why?
Check the router - someone tried to scan your internal network with it (if the router hadn't done it before). It is possible that it was hacked or figured out the password.
Vern.Schneid answered on June 10th 19 at 16:01
You can offer three options:
1) the Zyxel router updates the list of busy devices (including, for example, by a DHCP);
2) Someone outside your router is trying to "reach out" to your internal addresses;
3) Someone on the inside of the router (there's a Linux with all the environment + shell) is trying to find something for your further "penetration" and "pin" on your network.
Over the last couple of days heard about some abnormal activity subscribers with routers Zyxel, however, there was not confirmation. Just in case unplug the router from the external network, look at the activity. You can reset to factory settings, upgrade the firmware to the latest and, without connecting to the network, check who has queries. But it is not for everybody.
Angelica.Russel answered on June 10th 19 at 16:03
Rabotni router. If the packets disappear-it rushed. Usually malware the reboot is not going through, that should be enough. But the firmware update is necessary in any case, even if a reboot will help as it will help for a while :-)