After playing with Traffic types. It seems its just associating ports it finds in the traffic with most popular protocols and not actually doing any deep packet inspection. This will lead to false traffic types since for instance Kerberos uses a large amount of ports that are also associated with WireGuard.
The traffic type currently doesn’t reveal the service/app causing the traffic. Possibly because there could be multiple services at the same time generating the same type of traffic.
In this case, ports used by the service/app should be collected and grouped and shown also with the destination ip. Possible traffic types from these port usages would be helpful. But just listing possible traffic types in a most used list doesn’t help anything. for instance http/ssl is used by almost every service. But if traffic type appears when clicking on a particular destination ip. that would be extremely helpful. since now we know the ports and a hint of what it was trying to do.