Network Analysis Using Wireshark 2 Cookbook(Second Edition)

How to do it...

  1. From the Statistics menu, choose Protocol Hierarchy:

What you get is the protocol distribution of the captured file: every protocol Wireshark dissected, nested under the protocol that carried it.

  2. The partial screenshot displayed here depicts the statistics of the captured packets on a per-protocol basis:

The Protocol Hierarchy window has the following columns:

  • Protocol: The protocol name, indented under the protocol that carries it
  • Percent Packets: The percentage of captured packets that contain this protocol
  • Packets: The number of captured packets that contain this protocol
  • Percent Bytes: The percentage of captured bytes attributed to this protocol
  • Bytes: The number of captured bytes attributed to this protocol
  • Bit/s: The bandwidth of this protocol: its bytes times eight, divided by the capture duration
  • End Packets: The number of packets in which this protocol is the highest-layer protocol dissected
  • End Bytes: The number of bytes attributed to this protocol in those End Packets
  • End Bit/s: The bandwidth of those End Packets, relative to the capture duration
The End columns count a packet only when the protocol is the last protocol in the frame, that is, when nothing above it was dissected. A TCP segment with no payload (for example, a SYN) counts as a TCP end packet; a segment that carries an upper-layer protocol is counted as an end packet of that upper-layer protocol instead. That is why you see a zero count for the Ethernet, IPv4, and UDP end packets: in this capture there are no frames where those protocols are the last protocol in the frame.
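The counting rules above (Packets versus End Packets, bytes attributed per layer, Bit/s against the capture duration) are easiest to see on a handful of frames. The following is an added example, not code from the book or from Wireshark: a minimal Ethernet/IPv4/IPv6/TCP/UDP dissector that classifies UDP port 546/547 as DHCPv6 and everything else with a payload as `data`, and a tally that mimics the Protocol Hierarchy window. The frames are constructed in the script, not taken from the book's capture, and the choice to attribute to each protocol the bytes from its own header to the end of the frame is this example's interpretation of the Bytes column.

```python
"""Protocol Hierarchy statistics over constructed frames (added example).

Mimics the Packets / End Packets counting rules of Wireshark's
Statistics > Protocol Hierarchy window; not Wireshark's own code."""
import struct

# --- frame builders: constructed sample data, not a real capture ------------
def eth(ethertype, payload):
    return (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
            + struct.pack("!H", ethertype) + payload)

def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 168, 0, 1]), bytes([192, 168, 0, 2])) + payload

def ipv6(next_hdr, payload):
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_hdr, 64,
                       bytes(16), bytes(16)) + payload

def tcp(sport, dport, flags, payload=b""):
    # data offset 5 words = 20-byte header, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                       65535, 0, 0) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# (timestamp in seconds, raw frame); the comments say what each frame exercises
SAMPLE_FRAMES = [
    (0.0, eth(0x0800, ipv4(6, tcp(40000, 80, 0x02)))),                  # TCP SYN, no payload
    (0.5, eth(0x0800, ipv4(6, tcp(40000, 80, 0x18, b"opaque-payload-123")))),  # TCP + payload
    (1.0, eth(0x86DD, ipv6(17, udp(546, 547, bytes.fromhex("01000001"))))),     # DHCPv6 Solicit
    (2.0, eth(0x0800, ipv4(17, udp(5000, 5001, b"hello")))),            # UDP + opaque payload
]

def dissect(frame):
    """Return (protocol chain, byte offset where each layer starts), e.g.
    (['eth', 'ip', 'tcp', 'data'], [0, 14, 34, 54]). Only the layers needed
    for the demonstration are decoded; a real dissector would go further."""
    chain, starts = ["eth"], [0]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = 14
    if ethertype == 0x0800:
        chain.append("ip"); starts.append(body)
        proto = frame[body + 9]
        body += (frame[body] & 0x0F) * 4          # IHL in 32-bit words
    elif ethertype == 0x86DD:
        chain.append("ipv6"); starts.append(body)
        proto = frame[body + 6]                    # Next Header
        body += 40
    else:
        return chain, starts
    if proto == 6:
        chain.append("tcp"); starts.append(body)
        body += (frame[body + 12] >> 4) * 4        # TCP data offset
        if body < len(frame):
            chain.append("data"); starts.append(body)
    elif proto == 17:
        chain.append("udp"); starts.append(body)
        sport, dport = struct.unpack("!HH", frame[body:body + 4])
        body += 8
        if 546 in (sport, dport) or 547 in (sport, dport):
            chain.append("dhcpv6"); starts.append(body)
        elif body < len(frame):
            chain.append("data"); starts.append(body)
    return chain, starts

def protocol_hierarchy(frames):
    """Tally one row per protocol path ('eth/ip/tcp'), as the window does."""
    rows = {}
    total_pkts = len(frames)
    total_bytes = sum(len(f) for _, f in frames)
    duration = max(t for t, _ in frames) - min(t for t, _ in frames)
    for _, frame in frames:
        chain, starts = dissect(frame)
        for depth, _proto in enumerate(chain):
            path = "/".join(chain[:depth + 1])
            row = rows.setdefault(path, dict(packets=0, bytes=0, end_packets=0, end_bytes=0))
            layer_bytes = len(frame) - starts[depth]   # this header to end of frame
            row["packets"] += 1
            row["bytes"] += layer_bytes
            if depth == len(chain) - 1:                # last protocol in the frame
                row["end_packets"] += 1
                row["end_bytes"] += layer_bytes
    for row in rows.values():
        row["percent_packets"] = round(100.0 * row["packets"] / total_pkts, 1)
        row["percent_bytes"] = round(100.0 * row["bytes"] / total_bytes, 1)
        row["bits_per_s"] = row["bytes"] * 8 / duration if duration else 0.0
        row["end_bits_per_s"] = row["end_bytes"] * 8 / duration if duration else 0.0
    return rows

def print_table(rows):
    print(f"{'Protocol':26}{'Pct Pkts':>9}{'Packets':>8}{'Bytes':>7}{'Bit/s':>8}{'End Pkts':>9}{'End Bytes':>10}")
    for path in sorted(rows):                          # prefix order: parent before children
        r = rows[path]
        name = "  " * path.count("/") + path.rsplit("/", 1)[-1]
        print(f"{name:26}{r['percent_packets']:>9}{r['packets']:>8}{r['bytes']:>7}"
              f"{r['bits_per_s']:>8.0f}{r['end_packets']:>9}{r['end_bytes']:>10}")

if __name__ == "__main__":
    print_table(protocol_hierarchy(SAMPLE_FRAMES))
```

Running it prints nine rows; `eth`, `ip`, `ipv6` and both `udp` rows have zero End Packets because every one of the four frames carries something above them, the `tcp` row has one End Packet (the SYN) out of two, and the single DHCPv6 Solicit shows up as an end packet under `eth/ipv6/udp`.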

In this file example, we can see two interesting issues:

  • We can see 1,842 DHCPv6 packets. If IPv6 and DHCPv6 are not required on this network, disable them on the hosts: besides the wasted traffic, a host that keeps soliciting DHCPv6 on a network where nobody manages IPv6 will accept an answer from any device that chooses to reply.
  • We see more than 200,000 Check Point High Availability (CPHA) packets, 74.7% of all packets captured on the network we monitored. These are synchronization packets sent between two firewalls working in a cluster, updating the session tables between them. This volume of traffic can severely degrade network performance. The solution is to configure a dedicated synchronization link between the firewalls, so that session-table updates neither load the production network nor expose connection metadata to anyone who can capture on it.