Wireshark is the wrong tool for the job unless you are only interested in the destination IPs, but those are useless to most people because malware and PUPs are hosted on public cloud services or rarely hijacked insecure endpoints, so what value is a source IP going to get you? For example most ‘suspicious’ traffic is from your cell phone and some app is phoning home over TLS, with ‘home’ being an elastic IP in AWS.
It’s so overwhelming. I just want to be able to use Wireshark well to figure out wft is going on at my house with outbound surveillance data.
Wireshark is the wrong tool for the job unless you are only interested in the destination IPs, but those are useless to most people because malware and PUPs are hosted on public cloud services or rarely hijacked insecure endpoints, so what value is a source IP going to get you? For example most ‘suspicious’ traffic is from your cell phone and some app is phoning home over TLS, with ‘home’ being an elastic IP in AWS.