Wireshark Tip 4: Finding Suspicious Traffic in Protocol Hierarchy

This tip was released via Twitter (@laurachappell). When you suspect a host has been compromised, always open the Protocol Hierarchy window. Look for unusual applications (such as IRC or TFTP) or the dreaded "data" right under IP, TCP or UDP.
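
The same check can be run over the text that tshark prints for its protocol hierarchy statistics (`tshark -r capture.pcap -q -z io,phs`). This is an added example, not part of the original tip: the sample output is constructed, and the sets of protocols to flag are assumptions taken from the tip's own examples.

```python
import re
import sys

# Applications the tip names as unusual; an assumption to adjust per network.
UNUSUAL = {"irc", "tftp"}
# "data" directly under one of these means no dissector recognised the payload.
TRANSPORTS = {"ip", "tcp", "udp"}
ROW = re.compile(r"^(\s*)(\S+)\s+frames:(\d+)\s+bytes:(\d+)")

def flag_suspicious(phs_text):
    """Return (protocol path, frames, reason) for each row worth a closer look."""
    findings, stack = [], []
    for line in phs_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                   # banner and separator lines
        depth = len(m.group(1)) // 2   # tshark indents two spaces per level
        proto, frames = m.group(2), int(m.group(3))
        del stack[depth:]              # drop siblings and deeper levels
        parent = stack[-1] if stack else None
        stack.append(proto)
        path = "/".join(stack)
        if proto in UNUSUAL:
            findings.append((path, frames, "unusual application"))
        elif proto == "data" and parent in TRANSPORTS:
            findings.append((path, frames, "undissected payload"))
    return findings

# Constructed sample in the layout of "-z io,phs" output (not a real capture).
SAMPLE = """\
===================================================================
Protocol Hierarchy Statistics
eth                                      frames:900 bytes:512000
  ip                                     frames:900 bytes:512000
    tcp                                  frames:700 bytes:450000
      http                               frames:520 bytes:390000
        data                             frames:12 bytes:9000
      irc                                frames:140 bytes:21000
      data                               frames:40 bytes:39000
    udp                                  frames:200 bytes:62000
      dns                                frames:150 bytes:18000
      tftp                               frames:50 bytes:44000
===================================================================
"""

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for path, frames, reason in flag_suspicious(text):
        print(f"{frames:>8}  {path}  ({reason})")
```

Pipe real tshark output into the script on stdin; with no input it falls back to the constructed sample. The "data" row under http is not flagged, because it sits under a recognised application rather than directly under IP, TCP or UDP.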