Wireshark - What to do after you found a suspicious packet?

Now, given that Expert Information has pointed you at a suspicious packet and you want to dig further, what should you do next?


For example, suppose I want to investigate a Connection Reset packet. Double-clicking the entry in Expert Information jumps to that packet in the packet list.


What next? You could of course inspect the packet details: IP addresses, ports and payload. But what you usually want to know is the trail of the packet, that is, the rest of the conversation it belongs to: what happened before the reset and which side sent it.

Wireshark lets you follow that conversation. Right-click the packet and choose Follow -> TCP Stream (this is a TCP packet; UDP and TLS have their own entries in the same submenu) to get the trail.


The result is two things. A dialog shows the reassembled payload of the conversation in both directions, with the two sides coloured differently. At the same time Wireshark applies a display filter of the form tcp.stream eq N to the packet list, so the list now contains only the packets of that conversation, in time order, which lets you see what happened along the way: the handshake, any data, and finally who sent the reset and in response to what.
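To make the trail concrete, here is an added example (not from the original post and not Wireshark's own code) that does in plain Python what Follow -> TCP Stream does under the hood: it groups packets into bidirectional conversations, numbers them in first-seen order the way the tcp.stream field does, returns the time-ordered trail that contains a suspicious frame, and classifies a RST by what preceded it in that trail. The packet records are a constructed sample, not a real capture; the field names and the simplification that a reused 4-tuple is never split into a new stream are assumptions of the example.

```python
"""Added example: the logic behind Wireshark's Follow -> TCP Stream, in plain Python.

Groups packets into bidirectional conversations, numbers them like the tcp.stream
field, pulls out the trail containing a suspicious frame, and explains a RST.
Not Wireshark's code; the sample packets below are constructed, not captured.
"""

# Constructed sample capture (assumption: not a real pcap). Field names mirror the
# Wireshark columns: frame number, relative time, endpoints, TCP flags, payload bytes.
# Stream A: a client talks to a web server and gets a RST after sending a request.
# Stream B: an unrelated DNS-over-TCP handshake interleaved in time.
PACKETS = [
    {"frame": 1, "time": 0.000, "src": "10.0.0.5",      "sport": 51234, "dst": "93.184.216.34", "dport": 80,    "flags": "S",  "len": 0},
    {"frame": 2, "time": 0.021, "src": "93.184.216.34", "sport": 80,    "dst": "10.0.0.5",      "dport": 51234, "flags": "SA", "len": 0},
    {"frame": 3, "time": 0.021, "src": "10.0.0.5",      "sport": 51234, "dst": "93.184.216.34", "dport": 80,    "flags": "A",  "len": 0},
    {"frame": 4, "time": 0.030, "src": "10.0.0.5",      "sport": 53000, "dst": "10.0.0.1",      "dport": 53,    "flags": "S",  "len": 0},
    {"frame": 5, "time": 0.031, "src": "10.0.0.5",      "sport": 51234, "dst": "93.184.216.34", "dport": 80,    "flags": "PA", "len": 143},
    {"frame": 6, "time": 0.032, "src": "10.0.0.1",      "sport": 53,    "dst": "10.0.0.5",      "dport": 53000, "flags": "SA", "len": 0},
    {"frame": 7, "time": 0.055, "src": "93.184.216.34", "sport": 80,    "dst": "10.0.0.5",      "dport": 51234, "flags": "RA", "len": 0},
]


def conversation_key(pkt):
    """Direction-independent 4-tuple: both halves of a conversation share one key."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (a, b) if a <= b else (b, a)


def assign_stream_ids(packets):
    """Number conversations in first-seen order, as Wireshark's tcp.stream does.
    Simplification (assumption): a 4-tuple reused after a close is not split into
    a new stream, which Wireshark does when it sees a fresh SYN."""
    ids = {}
    numbered = []
    for pkt in sorted(packets, key=lambda p: (p["time"], p["frame"])):
        key = conversation_key(pkt)
        ids.setdefault(key, len(ids))
        numbered.append({**pkt, "stream": ids[key]})
    return numbered


def follow_stream(packets, frame):
    """Time-ordered trail of the conversation that contains `frame`: the same
    packets the display filter `tcp.stream eq N` leaves in the packet list."""
    numbered = assign_stream_ids(packets)
    target = next(p["stream"] for p in numbered if p["frame"] == frame)
    return [p for p in numbered if p["stream"] == target]


def describe_reset(trail):
    """Classify the first RST in a trail by what preceded it. A RST answering a
    bare SYN means nothing accepted the connection (closed or filtered port); a
    RST after payload means a peer tore down an established connection."""
    rst = next((p for p in trail if "R" in p["flags"]), None)
    if rst is None:
        return "no RST in this stream"
    before = [p for p in trail if p["frame"] < rst["frame"]]
    sender = f'{rst["src"]}:{rst["sport"]}'
    if not any("S" in p["flags"] and "A" in p["flags"] for p in before):
        return f"{sender} reset the connection before the handshake completed"
    if any(p["len"] > 0 for p in before):
        return f"{sender} aborted an established connection after data was exchanged"
    return f"{sender} reset an established connection before any data was sent"


def format_trail(trail):
    """Render the trail like Wireshark's packet list columns."""
    return [
        f'{p["frame"]:>4} {p["time"]:8.3f} {p["src"]}:{p["sport"]} -> '
        f'{p["dst"]}:{p["dport"]} [{p["flags"]}] len={p["len"]}'
        for p in trail
    ]


if __name__ == "__main__":
    suspicious = 7  # the frame Expert Information flagged as a Connection Reset
    trail = follow_stream(PACKETS, suspicious)
    print(f"tcp.stream eq {trail[0]['stream']}")
    print("\n".join(format_trail(trail)))
    print(describe_reset(trail))
```

Running it prints the equivalent display filter, the five packets of the web conversation (the interleaved DNS frames 4 and 6 are filtered out, exactly as Follow -> TCP Stream would do), and the verdict that the server aborted an established connection after the client had sent data. The classification in describe_reset is the question you are really asking when you follow a reset: a RST straight after a SYN points at a closed or firewalled port, while a RST after payload points at the application or a middlebox dropping the session.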



Worth mentioning: Wireshark also provides a Flow Graph under the Statistics menu. It draws the packets as arrows between hosts on a time axis, which makes packet sequences such as a handshake followed by a reset easy to read. Tick "Limit to display filter" in the Flow Graph dialog so it shows only the stream you are following rather than every conversation in the capture.





