Wireshark Tip 4: Finding Suspicious Traffic in Protocol Hierarchy
This tip was released via Twitter (@laurachappell). When you suspect a host has been compromised, always open the Protocol Hierarchy window. Look for unusual applications (such as IRC or TFTP) or the dreaded "data" right under IP, TCP or UDP.
This tip was released via Twitter (@laurachappell). When you suspect a host has been compromised, always open the Protocol Hierarchy window. Look for unusual applications (such as IRC or TFTP) or the dreaded "data" right under IP, TCP or UDP.