This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Actually, our server is using 30Mb/s right now. We captured the current flow with Wireshark; however, what we saw is surprising: in Protocol Hierarchy Statistics, it shows that 99% of this huge traffic is from the TCP section, but when I click on the + sign to see sub-protocols, it just shows that 3% of it is in HTTP and other protocols, and the source of the remaining 96% of traffic is not shown at all.

I suspect ACK packets, as they are the most packets in the capture. So what can cause this, and how can we fix it?

asked 07 Sep '14, 05:12

CIT Developer


The protocol hierarchy shows all protocols that Wireshark could determine, so e.g. for 99% TCP it determined 3% to be HTTP. You're right saying that ACK packets are not classified as HTTP (even if they are part of an HTTP communication) since they do not carry an HTTP payload. If you download a huge file over HTTP, Wireshark may label the packets transporting the segments as TCP instead of HTTP since there are no HTTP headers/keywords in that payload.

What you could do if you wonder about the protocols being used in that 99% is to use the Conversations Statistic to see what ports are used, and filter on conversations to see what content the TCP packets have. The protocol column of the packet list will tell you what protocol Wireshark determined, so if it says "TCP" it didn't find anything more specific.

Maybe you have standard protocols like HTTP running on non-standard ports, which may prevent Wireshark from determining what the conversations contain. For HTTP you can add more ports in the protocol preference setting to help Wireshark detect it.

answered 07 Sep '14, 08:51

Jasper ♦♦

Thanks for your help. Actually, it was related to the NetLimiter application; there was something related to it. After I uninstalled NetLimiter, the ACK packets were just gone.

(07 Sep '14, 10:17) CIT Developer
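The per-port breakdown suggested in the answer can also be scripted. The following is an added example, not part of the original thread: it splits TCP traffic in a capture into payload bytes and payload-less ACK segments per service port. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 frames and treats the lower port of each pair as the service; the sample capture and port 8081 are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_breakdown(pcap: bytes) -> dict:
    """Per service port: (segments, payload bytes, pure ACKs) in a classic Ethernet/IPv4 pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    stats = defaultdict(lambda: [0, 0, 0])
    off = 24                                    # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # too short, not IPv4, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = 14 + ihl
        if len(frame) < tcp + 20:
            continue                            # truncated TCP header
        ip_total = struct.unpack_from("!H", frame, 16)[0]
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        data_off = (frame[tcp + 12] >> 4) * 4
        flags = frame[tcp + 13]
        payload = max(ip_total - ihl - data_off, 0)  # IP length ignores Ethernet padding
        s = stats[min(sport, dport)]            # assumption: lower port is the service
        s[0] += 1
        s[1] += payload
        if payload == 0 and flags & 0x10 and not flags & 0x07:
            s[2] += 1                           # ACK set, no SYN/FIN/RST, no data
    return {port: tuple(v) for port, v in stats.items()}

def frame_bytes(sport, dport, flags, payload=b""):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture: an HTTP download on non-standard port 8081 (hypothetical).
SAMPLE = build_pcap(
    [frame_bytes(50000, 8081, 0x02), frame_bytes(8081, 50000, 0x12),
     frame_bytes(50000, 8081, 0x10),
     frame_bytes(50000, 8081, 0x18, b"GET /big.bin HTTP/1.1\r\n\r\n")]
    + [frame_bytes(8081, 50000, 0x10, b"\x00" * 1000), frame_bytes(50000, 8081, 0x10)] * 2)

if __name__ == "__main__":
    print(tcp_breakdown(SAMPLE))
```

A port with a large payload byte count but no recognised protocol is a candidate for a standard protocol on a non-standard port; a port dominated by pure ACKs with little payload matches the pattern the question describes.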
question asked: 07 Sep '14, 05:12

question was seen: 1,616 times

last updated: 07 Sep '14, 22:33
