Re: On building better statistics

[João Valverde <j () v6e pt>]

On 15/02/22 20:01, Jaap Keuter wrote:
> > On 15 Feb 2022, at 13:20, João Valverde <j () v6e pt> wrote:
> >
> > And also, it's not really correct to include IP inside ICMP as IP 
> > bytes, but that's another issue entirely.
>
> Looking at the Protocol Hierarchy statistics, only the ‘top level’ 
> protocols are counted. So, an IP header in a ICMP packet don’t get added.
I got that from the WSUG: 
https://www.wireshark.org/docs/wsug_html/#ChStatHierarchy.

"A single packet can contain the same protocol more than once. In this 
case, the protocol is counted more than once. For example ICMP replies 
and many tunneling protocols will carry more than one IP header."

Tunneling such as IP over IP I don't really see a use case where 
counting more than once would be useful, but it's not technically 
incorrect (unlike ICMP).

> You can see that with IPv6, there you can choose to have the IPv6 
> extension headers under the root tree rather than under the IPv6 
> packet. If you put them under the root, they’ll show up in the 
> Protocol Hierarchy statistics, otherwise not.
>
> Regards,
> Jaap
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list<wireshark-dev () wireshark org>
> Archives:https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe:https://www.wireshark.org/mailman/options/wireshark-dev
>               mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe