diff --git a/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md b/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md index 6e2cc177..01cfddda 100644 --- a/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md +++ b/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md @@ -70,8 +70,6 @@ This will show us the various HTTP requests for the capture: ![](attachments/Clipboard_2020-12-09-18-43-37.png) -Anything look strange there? If you look closely, there is a lot of encoded PowerShell. - Now, let's look at Statistics > Conversations: ![](attachments/Clipboard_2020-12-09-18-45-30.png) @@ -122,6 +120,8 @@ This is showing the request (in red) and the response (in blue) between our two ![](attachments/Clipboard_2020-12-09-18-55-09.png) +Anything look strange there? If you look closely, there is a lot of encoded PowerShell. + Now, let's play with some basic filters in the filter bar. We have already seen how Wireshark can filter on IP addresses. But we can also filter on protocols. To start, just type l.
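Review bot: In the first hunk (@@ -70,8 +70,6 @@), removing the question leaves the HTTP requests screenshot with no text between it and "Now, let's look at Statistics > Conversations:", so the reader is shown the request list without being told what to take from it. Consider keeping a one-sentence observation at that spot, and give the image alt text, since `![](attachments/Clipboard_2020-12-09-18-43-37.png)` has none.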
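Review bot: In the second hunk (@@ -122,6 +120,8 @@), the added line "Anything look strange there?" now follows the screenshot of the request (red) and response (blue) view, and "there" has no clear referent after the move. Name the view explicitly, for example "Anything look strange in this stream?". The line also answers its own question immediately; consider adding what in the stream marks the PowerShell as encoded, so students can recognise it in other captures.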