I am currently learning the ins and outs of Ethereal, and was wondering if any of you guys had some experience with it. Specifically, I'm trying to figure out which filters I should use to look for "out of the ordinary" traffic. I have found the filters for messaging programs and things like that, but I'm not too sure which I should use if I'm looking for things like spyware, trojans, etc. From just looking at the packets I can tell that at least one of our machines is infected, but the traffic was so blatantly obvious that a monkey would have noticed it. I'm trying to set a filter to look for the more "stealth" types of programs.

Any suggestions?