Wireshark is the wrong tool for the job unless you are only interested in the destination IPs, but those are useless to most people because malware and PUPs are hosted on public cloud services or rarely hijacked insecure endpoints, so what value is a source IP going to get you? For example, most ‘suspicious’ traffic is from your cell phone and some app is phoning home over TLS, with ‘home’ being an elastic IP in AWS.