Wireshark Tip 4: Finding Suspicious Traffic in Protocol Hierarchy

This tip was released via Twitter (@laurachappell). When you suspect a host has been compromised, always open the Protocol Hierarchy window. Look for unusual applications (such as IRC or TFTP) or the dreaded "data" right under IP, TCP or UDP.

• #howto_style
• #wireshark_software
• #tips
• #internet_relay_chat_protocol
• #troubleshooting
• #network_security