Any SSH attempts on your Mac with your firewall logs. If there is happen to be ip address.
See if i can do a ip address tracing.
It's seems like you are having the same issues as me.
I still have someone remotely control my computer for no utter reasons.
But sometimes ip address trace can lead to nowhere not unless the ISP can help you out.
What you need is the date, time, location of the place that happen. And the firewall logs.
Wow! You do wireshark.
Are you fimilar with Linux??
If you know Wireshark.
Did you know anything about Etherape???
If you need to run that on a mac. You need Xcode and Macports.
If you know linux, that will be fine. As you need to download Etherape and do some analysis.
What ip address is going from your computer.
Connects only one computer to your router.
This time without a harddisk inside your computer.
Run only Linux Live Distro like Fedora or Ubuntu via DVD drive bay.
Watch if anything happens.
If there is some activities than someone is really hacking into your computer networks.
If you can capture sessions on your system logs via a printer running that will be help.
Like dot matrix printers hook up to your computer.
Only one computer and one printer.
Don't do anything.
Don't go any harmfull sites.
Do not do any BitTorrent.
As these comes with malwares,viruses,trojans.
I have the gut feeling that someone must have gain access to your computer physically.
And mess up your things.
I have the similar problems like Brian Krebs the security guru.
Try the Who's There.
Check to see if any one connect your Mac via SSH Tcp port 22.
From there you will know who is the joker been accessing your computer remotely.
Just to let you know that Apple to been hacked into.
So be wary of this infos that I gave it to you.
There is another one.
Which you need to know.