How would you use packet analysis tools like Wireshark or tcpdump to identify malicious traffic patterns?