One of the first things I like to do when I start looking at a PCAP during an investigation is run it through snort to see if it finds anything suspicious. You can easily do this at the command line with
snort -dv -r test.pcap but the output is not great: -d and -v only dump the decoded packets and payloads, and snort will not raise a single alert unless you also load a configuration and rule set with -c (and ask for the alerts on the terminal with -A console).
To run the websnort container (websnort listens on port 8080, so the UI is at http://localhost:8080 once it is up):
docker run -d -p 8080:8080 jgamblin/websnort
If you want to build your own, the Dockerfile is:
# Base image, EXPOSE and CMD were not in the original post and are assumed here; any Debian/Ubuntu release that still packages python-pip and snort works
FROM ubuntu:16.04
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install python-pip snort -y
RUN chmod a+r /etc/snort/snort.conf
RUN pip install websnort
EXPOSE 8080
CMD ["websnort"]
malware-traffic-analysis.net has great PCAPs for testing your security tools.
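If you would rather stay on the command line than use websnort, the script below is an added example (not from the original post or the websnort project) showing what the plain snort -dv -r run above is missing: it loads the config so rules actually fire, writes one-line "fast" alerts to a log directory, and then summarises those alerts by signature so a pcap from malware-traffic-analysis.net can be triaged in seconds. It assumes snort is installed with its config at /etc/snort/snort.conf (the same path the Dockerfile makes world-readable); the alert lines written by sample_alert_file are constructed, with made-up SIDs and messages, purely so the summariser can be exercised without a pcap.

```shell
#!/bin/sh
# Added example: triage a PCAP with snort from the shell.
# Assumptions: snort (2.x) is on PATH and SNORT_CONF points at a readable
# snort.conf that includes the rule files you want applied.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Run snort over a pcap with rules loaded.
#   -q      no banner / statistics
#   -c      load config + rules (without it snort only dumps packets)
#   -A fast one-line alerts into <logdir>/alert
#   -r      read from pcap instead of a live interface
#   -k none ignore bad checksums; captures taken with checksum offload
#           otherwise silently miss every TCP/UDP rule
scan_pcap() {
    pcap="$1"
    logdir="$2"
    mkdir -p "$logdir"
    snort -q -c "$SNORT_CONF" -A fast -r "$pcap" -l "$logdir" -k none
}

# Fast-format alert lines look like:
#   01/01-00:00:00.000000  [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# Count how often each "[gid:sid:rev] message" fired, most frequent first.
summarize_alerts() {
    sed -n 's/^.*\[\*\*\] \(\[[0-9]*:[0-9]*:[0-9]*\] .*\) \[\*\*\].*$/\1/p' "$1" \
        | sort | uniq -c | sort -rn
}

# Distinct SIDs only, one per line, for pivoting into rule documentation.
alert_sids() {
    sed -n 's/^.*\[\*\*\] \[[0-9]*:\([0-9]*\):[0-9]*\].*$/\1/p' "$1" | sort -u
}

# Constructed sample alert file (hypothetical SIDs and messages, not real
# rules) so the summariser can be tried without running snort at all.
sample_alert_file() {
    printf '%s\n' \
      '01/01-00:00:00.000000  [**] [1:1000001:1] TEST hypothetical rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.1:1234 -> 10.0.0.2:80' \
      '01/01-00:00:01.000000  [**] [1:1000001:1] TEST hypothetical rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.1:1235 -> 10.0.0.2:80' \
      '01/01-00:00:02.000000  [**] [1:1000002:2] TEST hypothetical rule B [**] [Classification: Misc activity] [Priority: 2] {UDP} 10.0.0.1:5353 -> 10.0.0.2:53' \
      > "$1"
}

# Usage (after sourcing this file):
#   scan_pcap test.pcap /tmp/snort-out && summarize_alerts /tmp/snort-out/alert
```

Snort's checksum handling is the caveat most people hit here: many test captures were taken on hosts with checksum offloading, so every outbound TCP segment has a bad checksum and is dropped before rule matching unless -k none is given, which makes a malicious pcap look clean.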