Sunday, December 26, 2021

How can Wireshark be used in an APT situation?

General Advice on Wireshark Examples

  • Pay attention to which Wireshark columns are displayed in each example. The column sets are not all the same, nor are they in the same order, so read the header row before reading the rows.
  • These are very “clean” captures: even without display filters there is little to no other traffic. Captures from a real incident carry far more background traffic, so display filters matter much more there.
  • Some things aren’t what they seem; for example, why do some ICMP echo requests go unanswered? Details like this need further investigation during malware analysis.
  • Much more can be gleaned from a capture; for example, try other columns, or open Analyze ⇨ Expert Information.
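As an added example (not code from the original post), the following Python script automates the "unanswered ICMP echo request" check from the list above. In Wireshark the same question is answered interactively with the display filter `icmp.type == 8 && !icmp.resp_in`; the script reproduces that pairing logic offline so it can be run against many captures. It assumes a classic pcap file with Ethernet framing and IPv4, and it builds its own small sample capture (constructed data, not from any real incident) in which one host gets a reply and another never answers.

```python
"""Find ICMP echo requests that never received an echo reply in a pcap file.

Standalone example, assumptions: classic pcap (not pcapng), link type 1
(Ethernet), IPv4 only. The sample capture below is constructed, not real.
"""
import socket
import struct

# pcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype=1 (Ethernet)
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by both IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_frame(src_ip: str, dst_ip: str, icmp_type: int, ident: int, seq: int,
                     payload: bytes = b"abcdefgh") -> bytes:
    """Build an Ethernet/IPv4/ICMP frame (type 8 = echo request, 0 = echo reply)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + icmp


def build_pcap(frames) -> bytes:
    """Serialize (timestamp, frame) pairs into classic little-endian pcap bytes."""
    out = bytearray(PCAP_GLOBAL_HDR)
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def parse_pcap(data: bytes):
    """Yield (timestamp, frame_bytes) from a classic pcap of either byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_icmp(frame: bytes):
    """Return (src, dst, icmp_type, ident, seq) for an IPv4 ICMP frame, else None."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 1:  # IPv4 protocol field: 1 = ICMP
        return None
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    icmp_type, _code, _csum, ident, seq = struct.unpack_from("!BBHHH", frame, 14 + ihl)
    return src, dst, icmp_type, ident, seq


def unanswered_echo_requests(pcap_bytes: bytes):
    """Pair echo requests with replies by (src, dst, id, seq); return the unpaired requests in capture order.

    This is the offline equivalent of the Wireshark filter: icmp.type == 8 && !icmp.resp_in
    """
    pending = {}  # insertion-ordered, so the result keeps capture order
    for _ts, frame in parse_pcap(pcap_bytes):
        decoded = decode_icmp(frame)
        if decoded is None:
            continue
        src, dst, icmp_type, ident, seq = decoded
        if icmp_type == 8:
            pending[(src, dst, ident, seq)] = True
        elif icmp_type == 0:
            pending.pop((dst, src, ident, seq), None)  # reply flows back the other way
    return list(pending)


# Constructed sample: 10.0.0.1 answers the first ping, 10.0.0.7 never answers.
SAMPLE_PCAP = build_pcap([
    (1.000, build_icmp_frame("10.0.0.5", "10.0.0.1", 8, 0x1234, 1)),
    (1.001, build_icmp_frame("10.0.0.1", "10.0.0.5", 0, 0x1234, 1)),
    (2.000, build_icmp_frame("10.0.0.5", "10.0.0.7", 8, 0x1234, 1)),
    (3.000, build_icmp_frame("10.0.0.5", "10.0.0.7", 8, 0x1234, 2)),
])

if __name__ == "__main__":
    for src, dst, ident, seq in unanswered_echo_requests(SAMPLE_PCAP):
        print(f"{src} -> {dst} id=0x{ident:04x} seq={seq}: no echo reply seen")
```

To use it on a real file, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; a host that keeps sending requests to an address that never answers shows up as a run of entries with the same source and destination, which is the kind of detail the list above says deserves a closer look (a scan, a dead C2 address, or a host that is deliberately not responding).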


