Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

wireshark protocol hierarchy

Posted on 2015-02-07
7
230 Views
Last Modified: 2015-02-07
I am looking at the Protocol Hierarchy for TCP in the Statistics>Protocol Hierarchy and it does not seem to add up as far as the % packets is concerned. I have TCP as 94.76%. But when I expand the selection for TCP, the protocols are around 0.03%, except 27.24% for SSL. I added up the protocols under TCP and it did not add up to 94.76%. It is barely 30%. Am I missing something? Thanks
0
Comment
Question by:leblanc
  • 3
  • 3
7 Comments
 
LVL 2

Expert Comment

by:UnHeardOf
ID: 40596002
If you look over one column you'll see the total number of packets. If you perform a filter in the capture you should see that the total number of TCP packets match that column. Next do a filter for HTTP in the capture and if you look at the packet details you'll notice that it uses tcp which is a sub category of tcp in the protocol statistics.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40596019
Attached is the pic of my tcp protocol hierarchy statistics. If I added everything under TCP, it is not equal to 94.76%.

pic
0
 
LVL 2

Assisted Solution

by:UnHeardOf
UnHeardOf earned 500 total points
ID: 40596030
Packets could just be defined as TCP so you need to keep that into consideration.  

94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL. If you had up all the items under TCP and subtract that from the TCP % thats the percentage that are just defined as TCP.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 1

Author Comment

by:leblanc
ID: 40596061
"94.76% of the packets are TCP. Of those TCP packets 27.24% are SSL" I agree with you.
"If you had up all the items under TCP and subtract that from the TCP % thats the percentage that are just defined as TCP" I don't understand this. To me if tcp is 94.76% and everything under that (from ssl to dns) should add up to that 94.76%. No?
0
 
LVL 2

Accepted Solution

by:
UnHeardOf earned 500 total points
ID: 40596065
You still have a percentage that are just classified as TCP which they dont display as a line item.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 40596077
These 'just TCP' are in control of the TCP-flow , like the packet I received was OK , you may speed up, slow down please, resend or whatever.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40596079
ok. yes now I see what you meant. The difference between the tcp % and the actual tcp% is the tcp that is not shown here. So that makes sense. I did not know that. I thought that some packets were dropped.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question