Re: Stripping Dissectors from wireshark.

[Kaul <mykaul () gmail com>]

On Fri, Oct 22, 2010 at 4:32 PM, Hadriel Kaplan <HKaplan () acmepacket com>wrote:

> In wireshark, select "analyze" -> "enabled protocols..." and uncheck
> everything you don't need. (though you will need to keep the lower layers
> dissected - e.g., for HTTP you'd need to keep Ethernet, IP, TCP selected,
> and possibly IPv6, and of course HTTP and possibly SSL, etc)

There are so many protocols, that it's useless to even try.
Would be nice if they were:
(1) grouped by 'families' (example: all the ZigBee protocols)
(2) grouped by layers (example: all the ATM stuff)

Y.


> If all you want is HTTP, and only for port 80 or 443 or whatever, you could
> use a BPF capture filter to only capture the right packets to begin with -
> that'll speed it up.
>
> -hadriel
>
> On Oct 21, 2010, at 9:56 PM, rishab gupta wrote:
>
>  Hi,
> I want to speed up wireshark. I am concerned with only the major protocols
> such as http. Will it be a good idea to remove the dissectors that serve
> no purpose for me? If so how do I go about it, because every dissector
> seems to have a lot of dependencies wrapped around it...
> Any help will be much appreciated.
>
> Best,
> Rishabh Gupta
>
> <ATT00001..c>
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe