Is there something keeping you from formatting the drive and reinstalling the operating system? That should have been your first choice if you think there is malware on your system. That is the only guaranteed way to remove a potential threat.

if you really want an idea of what your box is doing. Close all the apps you have running (except wireshark) and let it run over night.

Depending WHAT on your router is flashing, it could just be keep alives or some other background noise to keep your system up to date.

Running wireshark over night will give you a lot of data to look at, but if you want to learn how to do analysis you'll need the practice anyway.

This thread is old but I've got to start somewhere and maybe this will help someone else.

"I need to know how to set up Wireshark so I can analyze the traffic between my Mac and my router."

As another commenter suggested, the way to go in your situation is to set up Wireshark on your machine and then choose the interface you want to capture traffic on. While it may be possible for malware to mess with Wireshark, it's highly unlikely as black hats are usually looking for a different type of user to abuse. As the saying goes, packets don't lie.

"What type of router/switch are we talking about?"

Most managed switches have port monitoring. A hub is another route but there are quite a few hubs out there that are actually switches. The proper way would be to buy an aggregating tap like netoptics.com. Personally, I use the small mikrotik rb750 as a tap. You can build a tap but it will only be half-duplex.

"I get a lot of black with red text..."


Always bad. The default color rules have some bad traffic labeled as black/red. You can always tell what a coloring rule is based on by looking at the bottom of the list in the frame section or clicking on the coloring rules button. If you see striping in a trace, it is almost always bad. The trace you provided isn't large enough to get a full picture of what is going on with your machine. Use the display filters to get a clearer picture. If you don't know how, get the wireshark book or get the training at chappellu.com. I took her all-access course and it taught me quite a lot about the packet level and protocols. Wireshark is easy to use but packet tracing and deciphering what you see in front of you is an art form. It's easy to get lost with all that data but the packets will tell you absolutely what is going on, if you can figure it out. Packets don't lie. Packet 5 has a window size of 128 and you have essentially hit a zero window and will start dropping packets, hence the 2 out-of-order packets that follow it.