Wireshark protocol hierarchy

I am looking at the Protocol Hierarchy for TCP in the Statistics>Protocol Hierarchy and it does not seem to add up as far as the % packets is concerned. I have TCP as 94.76%. But when I expand the selection for TCP, the protocols are around 0.03%, except 27.24% for SSL. I added up the protocols under TCP and it did not add up to 94.76%. It is barely 30%. Am I missing something? Thanks
leblancAccounting asked:
 
UnHeardOf commented:
You still have a percentage that are just classified as TCP, which they don't display as a line item.

UnHeardOf commented:
If you look over one column you'll see the total number of packets. If you perform a filter in the capture, you should see that the total number of TCP packets matches that column. Next, do a filter for HTTP in the capture, and if you look at the packet details you'll notice that it uses TCP, which is a sub category of TCP in the protocol statistics.

leblancAccounting (Author) commented:
Attached is the pic of my tcp protocol hierarchy statistics. If I added everything under TCP, it is not equal to 94.76%.

UnHeardOf commented:
Packets could just be defined as TCP, so you need to take that into consideration.

94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL. If you add up all the items under TCP and subtract that from the TCP %, that's the percentage that are just defined as TCP.

leblancAccounting (Author) commented:
"94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL" I agree with you.
"If you had up all the items under TCP and subtract that from the TCP % thats the percentage that are just defined as TCP" I don't understand this. To me if tcp is 94.76% and everything under that (from ssl to dns) should add up to that 94.76%. No?

jburgaard commented:
These 'just TCP' packets are in control of the TCP flow, like "the packet I received was OK", "you may speed up", "slow down please", "resend" or whatever.

leblancAccounting (Author) commented:
OK. Yes, now I see what you meant. The difference between the TCP % and the actual TCP % is the TCP that is not shown here. So that makes sense. I did not know that. I thought that some packets were dropped.
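
The subtraction discussed in this thread, as an added example that is not from any of the posters: it parses a protocol hierarchy listing and reports, for each row, the frames that no child row accounts for (for TCP, the segments with no higher-layer protocol). Assumptions: the text layout of `tshark -q -z io,phs` with two spaces of indent per level and a single root row, each frame counted under at most one child, and constructed frame counts chosen to match the 94.76% and 27.24% figures quoted above.

```python
import re

# Constructed sample in the layout printed by `tshark -q -z io,phs`
# (assumed: two spaces of indent per nesting level). Counts are made up so
# that tcp is 94.76% and ssl 27.24% of 10000 frames, as in the thread.
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
Filter:

eth                                      frames:10000 bytes:6200000
  ip                                     frames:9990 bytes:6199000
    tcp                                  frames:9476 bytes:6100000
      ssl                                frames:2724 bytes:3900000
      http                               frames:3 bytes:2100
      dns                                frames:3 bytes:400
    udp                                  frames:514 bytes:99000
      dns                                frames:500 bytes:90000
  arp                                    frames:10 bytes:600
===================================================================
"""

ROW = re.compile(r"^( *)(\S+)\s+frames:(\d+)")

def parse_phs(text):
    """Parse hierarchy rows into dicts: path, frames, summed child frames."""
    rows, stack = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, filter line or blank line
        depth = len(m.group(1)) // 2
        del stack[depth:]  # climb back up to this row's parent
        prefix = stack[-1]["path"] + "/" if stack else ""
        row = {"path": prefix + m.group(2), "frames": int(m.group(3)), "children": 0}
        if stack:
            stack[-1]["children"] += row["frames"]
        stack.append(row)
        rows.append(row)
    return rows

def undisplayed(rows):
    """Per row: (frames, % of capture) where this protocol was the last one
    dissected, i.e. the part of the row that no child line accounts for."""
    total = rows[0]["frames"]  # assumes the first row is the single root
    return {r["path"]: (r["frames"] - r["children"],
                        round(100 * (r["frames"] - r["children"]) / total, 2))
            for r in rows}

if __name__ == "__main__":
    for path, (frames, pct) in undisplayed(parse_phs(SAMPLE_PHS)).items():
        print(f"{path:<16} last-layer frames: {frames:>5} ({pct}%)")
```
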