Which Wireshark view is commonly used to locate large data transfers between two endpoints?

Conversations view is most effective here because it groups traffic by the pair of endpoints that communicate, showing exactly how much data each two-endpoint exchange carries. It lists each conversation with bytes exchanged, packets, and duration, so you can sort by the Bytes column to quickly spot the largest transfers and then inspect that specific conversation for details. This direct focus on endpoint pairs makes it ideal for locating big data transfers between two hosts. Other views aren’t as targeted for this purpose: Protocol Hierarchy shows how the captured data is distributed among protocols, not which hosts are exchanging the most data. IO Graphs visualize throughput over time, useful for spotting spikes but not for identifying the involved endpoints. Endpoint List highlights activity per host, which helps find busy machines but doesn’t directly reveal the two endpoints and their exchange volume.