
Revision history

Wireshark - Protocol Hierarchy omitting large amount of subprotocol traffic

To summarize, the total of my subprotocol/subvariant packet percentages does not sum up to its header.

In this case: TCP = 97.1%, subvariants/subprotocols (HTTP, TLS, 'Data') = ~30%. Nothing else.

I understand Transport Layer Protocols may not need to add up incrementally, but I understand that subprotocols/subvariants within them should.

That's approximately 70% of subprotocol behaviour that is not being viewed or captured by Wireshark? This concerns me as I do not run any eclectic services or protocols on my device; this is a simple browsing/gaming PC.

From my understanding, Wireshark cannot dissect particular protocols or information if it does not have them built into its installation. However, I assumed that packets pertaining to unknown traffic would automatically be grouped either in 'Data' or 'Other' subvariants under a header. However, even this is not present, so what may best describe this, or how may I go about figuring out what this remaining traffic is?

A user on another forum suggested using an analysis tool like sflow.
