You can also have broadcasts in fixed patterns, for example, every fixed amount of time, as shown in this screenshot:

The graph is configured for a Tick interval (under X Axis) of 1 min, and for the following filters:

• The red filter for all broadcasts in the network (eth.addr ==ff:ff:ff:ff:ff:ff)
• The green filter for broadcasts that are ARP requests (arp.opcode ==1)

What we see here is that around every 5 minutes, there is a burst of ARP requests (the green dots). If we click on one of the dots in the graph, it will take us to the packet in the capture pane.

In the following screenshot, we see the scan pattern that happens every 5 minutes:

We can see that it is the d-link router (based on the source MAC address) that scans the internal network. This can be good or bad, but it's good to check what is running in our network.