Thanks again mixture. I take it then that if Wireshark doesn't show something dodgy (it doesn't so far*, amongst the tons and tons of data yuo correctly predicted!) then a RAID rebuild could be a sensible thing to do before forgetting the affair and moving on? Remember I have now verified that UPnP is "off" and that ShieldsUp found no weaknesses so it's only something already inside trying to get out that I think I need to consider.

*I let it capture for a while and then sorted the records alphabetically by source column so I could quickly scan I.P. addresses and names outside those I know. I then did likewise for destination. Nothing found. I'll let it run for a couple of hours more and then look again.