I had reason to believe that my computer had been compromised, so I connected to Wirehark. By learning the basics of this software, I discovered that when restarting my router and before the router opens the ports with the access provider, it always tries to 39, send traffic and create TCP. handshakes.
This is only when a handshake is executed and the router is connected to the Internet, it starts sending TLSv1.2 application data traffic in and out of my PC, usually the size of the package is 1434.
As I would really like to solve this problem and get information about the author of this traffic, I lack the time and knowledge to manage it effectively. I am a programmer with very little knowledge of development / infrastructure.
I started writing an email on AWS abuse, but I think I would not have much success there and I was thinking of hiring a professional.
Please share your thoughts, and this is my first post so I hope I respect this stack exchange.