Protocol hierarchy

Next we'll look at the protocol hierarchy. Click on Statistics and go to Protocol Hierarchy.

It will give you a breakdown, by percentage of packets, of the most popular protocols that it saw.

As you can see at the beginning, everything that came in was a Frame. Everything that came in that Frame was an Ethernet frame. And then within that, we have a breakdown of what's within Ethernet. So we have some Internet Protocol Version 6, a whole bunch of Internet Protocol Version 4, and a little bit of Address Resolution Protocol.

If we expand Internet Protocol Version 4, we see that the largest number of packets that we received were SSDP packets.

Now, this is useful because you can see all the different types of data that have arrived. For example, if you're not expecting to see Connectionless Lightweight Directory Access Protocol or NetBIOS UDP frames, that's useful to see, especially if they account for a high percentage of the packets in the capture. Or let's say, maybe, you shouldn't be seeing any SMB traffic but you do see a lot of SMB traffic; that could indicate some sort of a breach.
