4 million packets in half an hour could be normal traffic. It all depends on the kind of connection you have and if you were actually using the Internetlink (downloading, browsing, P2P etc) while you were capturing.

The best way of finding something fishy is to stop using the Internetuplink (cutting out your "regular" traffic) and then turn on your sniffer. If you see any traffic then you can start to analyze your capture. That way you don't have to wade through loads of normal traffic to find the packets that are the hostile ones.