Q.46
Scenario: Your company suspects a data breach. How would you use Wireshark to identify unauthorized data transfers?
Solution: Use the filter tcp.dstport == 21 || tcp.dstport == 22 || tcp.dstport == 443 to check for FTP, SSH, or HTTPS data transfers. Also, monitor for large outbound packets (frame.len > 1000) to unknown IPs.
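
An added example, not part of the original answer: the same port and frame-size criteria applied in Python to constructed rows of source IP, destination IP, tcp.dstport and frame.len, totalled per destination so that sustained transfers stand out from single large packets. The internal range, the known-destination list and the sample rows are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

WATCH_PORTS = {21, 22, 443}   # FTP, SSH, HTTPS: the ports in the filter above
LARGE_FRAME = 1000            # frame.len threshold from the answer above
# Assumptions: this site's internal range and its approved external hosts.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_DESTS = {ipaddress.ip_address("203.0.113.10")}

# Constructed sample rows: src,dst,tcp.dstport,frame.len
SAMPLE = """\
10.0.5.20,203.0.113.10,443,1514
10.0.5.20,198.51.100.77,22,1514
10.0.5.20,198.51.100.77,22,1514
10.0.5.20,198.51.100.77,22,90
10.0.5.31,192.0.2.44,21,1200
10.0.5.31,10.0.9.2,22,1514
10.0.5.40,192.0.2.99,80,1514
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def suspicious_transfers(csv_text):
    """Map (src, dst, port) -> (large_frame_count, bytes) for large
    outbound frames on watched ports to destinations not on the known list."""
    totals = defaultdict(lambda: [0, 0])
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        src_s, dst_s, port_s, len_s = line.strip().split(",")
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        port, length = int(port_s), int(len_s)
        if port not in WATCH_PORTS or length <= LARGE_FRAME:
            continue  # outside the display filter's criteria
        if not is_internal(src) or is_internal(dst) or dst in KNOWN_DESTS:
            continue  # not outbound, or going to an approved host
        entry = totals[(src_s, dst_s, port)]
        entry[0] += 1
        entry[1] += length
    return {key: tuple(val) for key, val in totals.items()}

if __name__ == "__main__":
    # Largest byte totals first: these are the flows to review in Wireshark.
    hits = suspicious_transfers(SAMPLE)
    for (src, dst, port), (count, size) in sorted(
            hits.items(), key=lambda kv: kv[1][1], reverse=True):
        print(f"{src} -> {dst}:{port}  {count} large frames, {size} bytes")
```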