Wireshark mailing list archives

Re: protocols to keep enabled?


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Thu, 1 Dec 2016 00:15:36 +0100

Hi,

In a perfect world everything would be deterministic, every service would use
its designated transport protocol port, no confusion ever about what protocol
is used.

In the real world things are 'a bit messy'. So Wireshark is trying to do its
best to make sense of it all and show you as much as possible. But sometimes it
gets it wrong. As you say there are some solutions to it, but which ones are
right for everyone? That's an impossible question since Wireshark is used in so
many different environments. You may be disabling Bluetooth protocols, but if
you ask Michal Labedzki he has them enabled, day and night.

So in short, there are no hard and fast rules about this. Set up a profile and
tune that to fit your situation as well as possible. That's the best advice I
can give.

Thanks,
Jaap


On 30-11-16 17:20, Lee wrote:
Is there a write-up somewhere showing which protocols should be
enabled for different scenarios?

I did a capture & the source picked tcp port 4556 for sending so
Wireshark decides it's "tcp bundle" protocol and displays much
garbage.
Analyze / Enabled Protocols
remove the checkmark next to Bundle
click on Save

and garbage goes away :)   But while I was there I noticed about 500
lines of Bluetooth GATT protocols; I'm guessing that I'm not going to
be looking at any Bluetooth anything, so _way_ too many clicks later
all that is turned off.  Any recommendations on what else should be
turned off?

Thanks,
Lee

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

