Question 6 of 10
You are asked to examine a packet capture file in Wireshark as part of an investigation. What key information would you look for, and how would you use display filters to narrow down relevant traffic?
Sample answer preview
Wireshark is one of the most important tools in a SOC analyst's toolkit for deep-dive network investigations. When you open a packet capture file, the amount of data can be overwhelming, so having a structured approach and knowing how to use display filters effectively is…
Wireshark, PCAP, display filters, TCP stream, protocol hierarchy, packet payload