Work down through the Wireshark Statistics menu.
Statistics -> Capture File Properties - get a feel for what's in the capture.
Statistics -> Protocol Hierarchy - what's the traffic mix?
Statistics -> Conversations - who's talking to who?
Statistics -> Endpoints - a pattern may fall out of here that isn't apparent in Conversations.
Would expect a DDoS to be many sources to one (or few) destinations.
And a port scan to be one source to many destinations (IPs, ports).
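The same fan-in / fan-out check can be scripted over fields exported with `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport`. The sketch below is an added example, not part of the original answer; the sample lines are constructed and the threshold of 10 is an assumption to tune per network.

```python
from collections import defaultdict

def fan_stats(lines):
    """Build per-destination source sets and per-source (dst, port) target sets."""
    fan_in = defaultdict(set)    # dst -> distinct sources talking to it
    fan_out = defaultdict(set)   # src -> distinct (dst, port) pairs it touched
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3 or not all(parts):
            continue  # non-IP or non-TCP packets leave a field empty
        src, dst, dport = parts
        fan_in[dst].add(src)
        fan_out[src].add((dst, dport))
    return fan_in, fan_out

def classify(lines, threshold=10):
    """Flag many-to-one (DDoS-like) and one-to-many (scan-like) patterns.

    A busy legitimate server also shows high fan-in, so a hit is a lead
    to follow up in Conversations/Endpoints, not a verdict.
    """
    fan_in, fan_out = fan_stats(lines)
    findings = []
    for dst, srcs in fan_in.items():
        if len(srcs) >= threshold:
            findings.append(("many-to-one", dst, len(srcs)))
    for src, targets in fan_out.items():
        if len(targets) >= threshold:
            findings.append(("one-to-many", src, len(targets)))
    return sorted(findings)

# Constructed sample (documentation address ranges), tab-separated like tshark output.
SAMPLE = (
    # 20 distinct sources hitting one service
    [f"198.51.100.{i}\t192.0.2.10\t443" for i in range(1, 21)]
    # one source walking 30 ports on one host
    + [f"203.0.113.5\t192.0.2.20\t{p}" for p in range(1, 31)]
    # ordinary repeated client traffic, and a UDP packet with no tcp.dstport
    + ["192.0.2.50\t192.0.2.10\t443"] * 3
    + ["192.0.2.1\t192.0.2.2\t"]
)

if __name__ == "__main__":
    for kind, host, count in classify(SAMPLE):
        print(f"{kind}: {host} ({count} distinct peers/targets)")
```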