8.3. The "Protocol Hierarchy" window
The protocol hierarchy of the captured packets.
This is a tree of all the protocols in the capture. You can collapse or
expand subtrees, by clicking on the plus / minus icons. By default, all
trees are expanded.
Each row contains the statistical values of one protocol.
The
Display filter
will show the current display filter.
The following columns containing the statistical values are available:
-
Protocol
: this protocol's name
-
% Packets
: the percentage of protocol packets,
relative to all packets in the capture
-
Packets
: the absolute number of packets of this
protocol
-
Bytes
: the absolute number of bytes of this
protocol
-
MBit/s
: the bandwidth of this protocol, relative
to the capture time
-
End Packets
: the absolute number of packets of this
protocol (where this protocol was the highest protocol to decode)
-
End Bytes
: the absolute number of bytes of this protocol
(where this protocol was the highest protocol to decode)
-
End MBit/s
: the bandwidth of this protocol, relative to
the capture time (where this protocol was the highest protocol to decode)
|
Note! |
Packets will usually contain multiple protocols, so more than one protocol
will be counted for each packet.
Example: In the screenshot IP has 99,17% and TCP 85,83% (which is together
much more than 100%).
|
|
Note! |
Protocol layers can consist of packets that won't contain any higher layer
protocol, so the sum of all higher layer packets may not sum up to the
protocols packet count.
Example: In the screenshot TCP has 85,83% but the sum of the subprotocols
(HTTP, ...) is much less. This may be caused by TCP protocol overhead,
e.g. TCP ACK packets won't be counted as packets of the higher layer).
|
|
Note! |
A single packet can contain the same protocol more than once. In this case,
the protocol is counted more than once. For example: in some tunneling
configurations the IP layer can appear twice.
|