I need to figure out what type of malicious activity is present in this .pcap file I have received for my coursework using wireshark, however I’m not asking anyone to solve it don’t worry. I’m curious about something else. From my understanding, when there is a TCP connection handshake, on Wireshark it is displayed as:
SYN
SYN, ACK
ACK
I’m just a beginner at the moment, so I’m trying to understand, most of the TCP frames in Wireshark are displaying ACK without any SYN, and some say PSH instead. Can someone educate me on why? I tried to search it up but it just talks about SYN ACK handshakes and doesn’t answer my question. Thank you! please ask for clarity if this does not make sense and I’ll try my best.
