On 15/02/22 20:01, Jaap Keuter wrote:
On 15 Feb 2022, at 13:20, João Valverde <
j@xxxxxx> wrote:
And also, it's not really correct to
include IP inside ICMP as IP bytes, but that's another
issue entirely.
Looking at the Protocol Hierarchy statistics, only
the ‘top level’ protocols are counted. So, an IP header in a
ICMP packet don’t get added.
I got that from the WSUG:
https://www.wireshark.org/docs/wsug_html/#ChStatHierarchy.
"A single packet can contain the same protocol more than once. In
this case, the
protocol is counted more than once. For example ICMP replies and
many tunneling
protocols will carry more than one IP header."
Tunneling such as IP over IP I don't really see a use case where
counting more than once would be useful, but it's not technically
incorrect (unlike ICMP).
You can see that with IPv6, there you can choose to
have the IPv6 extension headers under the root tree rather than
under the IPv6 packet. If you put them under the root, they’ll
show up in the Protocol Hierarchy statistics, otherwise not.
Regards,
Jaap
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe