Protocol Hierarchy showing 120%

retag add tags

How do I deal with this? The number of captured packets of specific routing protocol is greater than the total number of captured packets. It just doesn´t make sense.

Please let me know if it´s a bug or I´m missing something. Sadly I can´t attach a picture.

zofre2000

asked 2022-05-18 19:17:29 +0000

edit flag offensive 0 remove flag close merge delete

Comments

Which version of Wireshark (wireshark -v)? Which routing protocol?
(Protocol Hierarchy is a work in progress)

Chuckc (2022-05-18 22:29:16 +0000) edit

I´m using Wireshark 3.2.3 and I´m analyzing B.A.T.M.A.N. Advanced MANET routing protocol. I am capturing packets in network with different TX range set (50, 75, 100, 125 meters) and different network size (10, 20, 30 devices). For every range and size I get something reasonable like 30% or 70% but only for 50 meters with 30 devices I start getting 120% which is absolutely wrong and I simply can´t work with that.

zofre2000 (2022-05-19 08:12:45 +0000) edit

. 1. Can you analyse with a more current version, i.e. 3.6.5 (or you could give the 3.7.0 version a try)? 2. Can you share a 'good case' and 'bad case' capture file on a publicly accessible file share service and post a link here?

Jaap (2022-05-19 11:46:27 +0000) edit

Does your traffic include B.A.T.M.A.N encapsulated in B.A.T.M.A.N?
Issue 7009 has a pcap attached. Right click the Internetwork Datagram Protocol layer in the Packet Details, select Decode As... from the popup and change IDP to BATADV. There are now 26 B.A.T.M.A.N packets in the 13 Frames.

Chuckc (2022-05-19 16:20:59 +0000) edit

So I upgraded my wireshark to 3.6.5 and captured the traffic again. The results are the same. I attach link with dropbox shared screenshots of good and bad case. I hope you can access it. https://www.dropbox.com/s/z00jfndjinl... https://www.dropbox.com/s/jp29mg4oppi...

zofre2000 (2022-05-22 11:17:01 +0000) edit

add a comment see more comments

1 Answer

Sort by

oldest

newest

most voted

Try the Development Release (3.7.0) available from the Wireshark Download page.

The Protocol Hierarchy stats were redone in 6650 - hierarchy stats: Only increment the total packet count once per frame.

image description

Chuckc

answered 2022-06-03 13:25:28 +0000

edit flag offensive 0 remove flag delete link

Comments

Thank you very much for your suggestion, but I need a little bit of help first. I´m trying to resolve this problem on virtual machine (Linux) and I´m not really familiar with this operating system. Can you please help me with installation of development release 3.7.0? I don´t know what to do with the source code tar.xz after decompresing.

zofre2000 (2022-06-03 17:09:54 +0000) edit

UNIX: Installation and Build Instructions
There is a tools directory in the source tree that has Linux setup scripts. Pick the appropriate one for your OS and it will pull in the dependencies.

Chuckc (2022-06-03 21:10:51 +0000) edit

Thank you very much, I finally managed to install it. So I captured the packets again and it worked! It doesn´t show above 100% anymore. I´m going to run a few more tests with different network sizes and tx ranges, but for now I consider this problem solved. Here´s the new capture file: https://www.dropbox.com/s/fg0sd6p1cyl...

zofre2000 (2022-06-04 11:51:09 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

Protocol Hierarchy showing 120% edit

Comments

1 Answer

Comments