Information leakage in pcap

@TazWake said:

First place I’d suggest is check out https://www.malware-traffic-analysis.net/; there is some awesome guidance.

I’d also suggest setting up Wireshark in a manner which helps you (this is a good starting point: Malware-Traffic-Analysis.net - Changing the column display in Wireshark)

From there it’s a matter of filtering it for known activity and using the tools in Wireshark to get an understanding of what happened.

It might also be worth having a look at NetworkMiner (NetworkMiner - The NSM and Network Forensics Analysis Tool ⛏) as this can do a good job of summarising information in a PCAP to speed up analysis.
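The "filter for known activity" step above, done by hand on a capture file, as an added example that is not part of TazWake's post: it builds a small libpcap file from constructed frames (the 10.0.0.5 / 203.0.113.10 addresses, example.test host and alice/bob credentials are all made up), walks the IPv4/TCP records with the standard library only, and reports cleartext credential leakage in HTTP, the same thing one would look for in Wireshark with a display filter on `http.authorization` or a POST body.

```python
import base64
import struct

def tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame around payload (checksums left as 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload  # Ethernet header, EtherType IPv4
def build_pcap(frames):
    """Wrap frames in a libpcap global header plus one record header each."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out
def iter_tcp_payloads(pcap):
    """Yield (src_ip, dst_ip, dport, payload) for every IPv4/TCP record; skip the rest."""
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP (IP protocol 6)
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # IHL gives the IPv4 header length
        src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
        yield src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[(tcp[12] >> 4) * 4:]
def find_leaks(pcap):
    """Flag cleartext credential indicators in HTTP payloads, with who sent them where."""
    findings = []
    for src, dst, dport, payload in iter_tcp_payloads(pcap):
        text = payload.decode("latin-1")
        for line in text.split("\r\n"):
            if line.lower().startswith("authorization: basic "):
                # Report the username only; the password stays out of the findings.
                user = base64.b64decode(line.split()[2]).decode("latin-1").split(":", 1)[0]
                findings.append(("http-basic-auth", src, dst, dport, user))
        head, _, body = text.partition("\r\n\r\n")
        if head.startswith(("POST", "GET")) and "password=" in body.lower():
            findings.append(("form-password", src, dst, dport, None))
    return findings
# Constructed sample capture: one Basic-auth request, one login form POST, one TLS record.
SAMPLE = build_pcap([
    tcp_frame("10.0.0.5", "203.0.113.10", 51000, 80, b"GET /admin HTTP/1.1\r\nHost: example.test\r\n"
              b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n"),
    tcp_frame("10.0.0.5", "203.0.113.10", 51001, 80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 27\r\n\r\nuser=bob&password=secret123"),
    tcp_frame("10.0.0.5", "203.0.113.10", 51002, 443, b"\x16\x03\x01\x00\x10tls-client-hello"),
])
```

Running `find_leaks(SAMPLE)` reports the two cleartext credential hits on port 80 and ignores the TLS record, which is the kind of summary one then confirms in Wireshark by following the TCP stream.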

Thank you very much, that’s what I was looking for