
My system is infected by a bot, how to find it?

I watched a video from Laura Chappell, "Analyzing a bot-infected host with Wireshark". She says if "Answer RRs are greater than 5" on DNS then the host can be infected by bots. I captured my internet data and found some Answer RRs more than 5 (some of them are 12, 13, 14).

As I'm new to Wireshark I don't know how to analyze data well, so I don't know if my system is infected by any bot or these are normal data and activities!

How can I find out what the bot is doing? How to find it and how to get rid of it?

What do these files tell us?

First pcapng file (link to download)

Second pcapng file (this one is more important to me to know if servers have any suspicious activities.)
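The "Answer RRs greater than 5" check quoted in the question reads the answer count in the DNS header, which Wireshark exposes as `dns.count.answers` (display filter `dns.count.answers > 5`). The following is an added example, not part of the original post: it applies the same check to raw DNS payloads and lists the queried names worth a closer look. The names `small.example` and `many.example`, the addresses and the helper functions are constructed for illustration.

```python
import struct

THRESHOLD = 5  # the "greater than 5" rule of thumb quoted in the question

def read_qname(msg, off):
    """Decode the uncompressed question name starting at offset `off`."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:  # a pointer here means the message is not well formed
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1: off + 1 + length].decode("ascii"))
        off += 1 + length

def inspect(msg):
    """Return (qname, answer_count, flagged) for a response, None otherwise."""
    if len(msg) < 12:
        return None
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd < 1:  # QR bit clear means this is a query
        return None
    try:
        qname = read_qname(msg, 12)
    except (IndexError, ValueError, UnicodeDecodeError):
        return None
    return qname, an, an > THRESHOLD

def build_response(qname, addrs):
    """Constructed sample data: a DNS response carrying one A record per address."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = q + struct.pack("!2H", 1, 1)
    rr_head = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)  # name ptr, A, IN, TTL, len
    return hdr + question + b"".join(rr_head + bytes(a) for a in addrs)

SAMPLES = [  # constructed, not taken from the poster's capture files
    build_response("small.example", [(192, 0, 2, 1)]),
    build_response("many.example", [(198, 51, 100, i) for i in range(1, 13)]),
]

def flagged_names(messages):
    return [r[0] for r in map(inspect, messages) if r and r[2]]

if __name__ == "__main__":
    for m in SAMPLES:
        print(inspect(m))
```

Each flagged name is a lead for following the host's later connections to the returned addresses in the capture.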