I have been doing some network traffic monitoring using tcpdump on a Fedora 36 machine. And a list of suspicious activities with (but not limited to) fedoraproject.org has been observed while nothing except the bare minimum OS and GNOME has been running and no network activity is supposed to be found.
The issue has been reproduced more than once on this specific machine by long-term monitoring using tcpdump tcp. However, I have not found the root cause of it yet. Nor did it come up with anything noticeable in pair.
Only a part of the tcpdump log is attached below due to the forum post limitation. Any help, clarification, or method to remove this suspicious behavior is appreciated.
Thanks.
Loc
19:54:14.689792 IP localhost.40852 > proxy-iad01.fedoraproject.org.https: Flags [S], seq 3529269868, win 64240, options [mss 1460,sackOK,TS val 826677246 ecr 0,nop,wscale 7], length 0
19:54:14.745652 IP proxy-iad01.fedoraproject.org.https > localhost.40852: Flags [S.], seq 1210962692, ack 3529269869, win 62636, options [mss 1380,sackOK,TS val 605400370 ecr 826677246,nop,wscale 7], length 0
19:54:14.745699 IP localhost.40852 > proxy-iad01.fedoraproject.org.https: Flags [.], ack 1, win 502, options [nop,nop,TS val 826677302 ecr 605400370], length 0
19:54:14.861434 IP localhost.56978 > proxy-iad01.fedoraproject.org.hostmon: Flags [S], seq 2541406161, win 64240, options [mss 1460,sackOK,TS val 826677418 ecr 0,nop,wscale 7,tfo cookiereq,nop,nop], length 0