As Guy, said (and I said earlier) TCP includes all packets that are TCP.
There will syn, syn-ack and ack packets not classifed as either FTP or
FTP-Data. If you want to know ALL the traffic between hosts, you probably
want to specify a capture or display filter with "ip.addr == <host>".
As stated earlier Ethereal allows you to rapidly apply display filters and
narrow down the field of interest. (Protocol hier stats only show info for
packets passing the display filters
Martin Visser
Network Consultant - Compaq Global Services
Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia
Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:martin.visser@xxxxxxxxxx
-----Original Message-----
From: Surena K.D. [mailto:surenakd@xxxxxxxxxxx]
Sent: Tuesday, 9 October 2001 5:26 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Protocol Hierarchy
Hi
I tried the FAQ and user guide and searched the list, but I could not find
my answer. Attached is the protocol hierarchy from tools menu. I ran
ethereal in "non-promisc" mode and then got a file with ftp. I shutdown all
other applications so the tcp traffic is mostly for ftp transfer. The result
is shown in attached file. The tcp protocol is 25% of all traffic but the
sum of the categories under it is about 16.5%. I always get about 40%
difference between the total tcp traffic and sum of the categories under it.
I tested it under win2000 and Linux, but I got the same results. Also I
thought maybe there is another application using tcp and I am not aware of
it. So I tried getting big files, so the effect of those applications be
small. But the result did not change much. I want to know what causes such
a large difference?
Thanx
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
