this is my first post here, I want to ask how we want to identify our network is attack by botnet through the network traffic analysis using wireshark, I capture about 8GB size of traffic and split the .pcap file into 1gb each and filter it with wireshark.

How suspicious the data would be so that we can classifiy it as a p2p botnet?, I try to googling around but not find the solution