Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

wireshark protocol hierarchy

Posted on 2015-02-07
7
Medium Priority
?
274 Views
Last Modified: 2015-02-07
I am looking at the Protocol Hierarchy for TCP in the Statistics>Protocol Hierarchy and it does not seem to add up as far as the % packets is concerned. I have TCP as 94.76%. But when I expand the selection for TCP, the protocols are around 0.03%, except 27.24% for SSL. I added up the protocols under TCP and it did not add up to 94.76%. It is barely 30%. Am I missing something? Thanks
0
Comment
Question by:leblanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 2

Expert Comment

by:UnHeardOf
ID: 40596002
If you look over one column you'll see the total number of packets. If you perform a filter in the capture you should see that the total number of TCP packets match that column. Next do a filter for HTTP in the capture and if you look at the packet details you'll notice that it uses tcp which is a sub category of tcp in the protocol statistics.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40596019
Attached is the pic of my tcp protocol hierarchy statistics. If I added everything under TCP, it is not equal to 94.76%.

pic
0
 
LVL 2

Assisted Solution

by:UnHeardOf
UnHeardOf earned 2000 total points
ID: 40596030
Packets could just be defined as TCP so you need to keep that into consideration.  

94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL. If you had up all the items under TCP and subtract that from the TCP % thats the percentage that are just defined as TCP.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 1

Author Comment

by:leblanc
ID: 40596061
"94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL" I agree with you.
"If you had up all the items under TCP and subtract that from the TCP % thats the percentage that are just defined as TCP" I don't understand this. To me if tcp is 94.76% and everything under that (from ssl to dns) should add up to that 94.76%. No?
0
 
LVL 2

Accepted Solution

by:
UnHeardOf earned 2000 total points
ID: 40596065
You still have a percentage that are just classified as TCP which they dont display as a line item.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 40596077
These 'just TCP' are in control of the TCP-flow , like the packet I received was OK , you may speed up, slow down please, resend or whatever.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40596079
ok. yes now I see what you meant. The difference between the tcp % and the actual tcp% is the tcp that is not shown here. So that makes sense. I did not know that. I thought that some packets were dropped.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question