The protocol hierarchy of the captured packets.
This is a tree of all the protocols in the capture. Each row contains the statistical values of one protocol. Two of the columns (Percent Packets and Percent Bytes) serve double duty as bar graphs. If a display filter is set it will be shown at the bottom.
Thebutton will let you copy the window contents as CSV or YAML.
Protocol hierarchy columns
Packets usually contain multiple protocols. As a result, more than one protocol will be counted for each packet. Example: In the screenshot 100% of packets are IP and 99.3% are TCP (which is together much more than 100%).
Protocol layers can consist of packets that won’t contain any higher layer protocol, so the sum of all higher layer packets may not sum to the protocol’s packet count. This can be caused by segments and fragments reassembled in other frames, TCP protocol overhead, and other undissected data. Example: In the screenshot 99.3% of the packets are TCP but the sum of the subprotocols (TLS, HTTP, Git, etc.) is much less.
A single packet can contain the same protocol more than once. In this case, the
entry in the
PDUs column will be greater than that of
In the screenshot there are many more TLS and Git PDUs than there are packets.