Revision history  [back]

Work down through the Wireshark Statistics menu.

Statistics -> Capture File Properties - get a feel for what's in capture.
Statistics -> Protocol Hierarchy - what's the traffic mix?
Statistics -> Conversations - who's talking to who?
Statistics -> Endpoints - a pattern may fall out of here that isn't apparent in Conversations.

Would expect a DDoS to many sources to one (or few) destinations.
And a port scan to be one source to many destinations (IPs, ports).