Ask Your Question

Protocol Hierarchy to analyze

asked 2018-08-22 23:31:26 +0000

aussupport gravatar image


I am looking at the Protocol Hierarchy for one site and noticed 29% Logical-Link Control and IPV6 20% and ARP 10% is this normal or do i need to look more issues here?

Protocol Hierarchy



edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-08-23 06:24:00 +0000

updated 2018-08-23 06:32:55 +0000

I think the answer here should be - it depends...

Depends on:

  • environment you're capturing on;
  • capture timeframe.

If this is a Protocol Hierarchy for couple minutes of idle background traffic (as it seems like if I look at Bits/s column) - this is quite normal.

Most of Logical-Link Control frames are probably because of STP "heartbeat". You can turn them off moving port on a switch into "BPDU filter" mode or access mode for Cisco (if I remember it correctly). But you must be aware of consequences.

10% ARP - usually nothing special, depending on how large you broadcast domain is and on how many alive devices are in it.

As for IPv6 - this is the one I'd look at most. Because almost all IPv6 traffic is DHCPv6, this is a lot of packets. It's a good idea to look at their source and type.

edit flag offensive delete link more


Thanks, look like bpduguard and port-security are the right tool to stop RSTP traffic. I'll check the IPV6 and disable.

aussupport gravatar imageaussupport ( 2018-08-23 11:40:12 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-08-22 23:31:26 +0000

Seen: 674 times

Last updated: Aug 23 '18