Wireshark mailing list archives

Re: overriding dissector for port 8080

From: "John Dill" <John.Dill () greenfieldeng com>
Date: Fri, 4 Apr 2014 10:43:59 -0400

Message: 2
Date: Fri, 4 Apr 2014 10:19:52 -0400
From: Hadriel Kaplan <hadriel.kaplan () oracle com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] overriding dissector for port 8080
Message-ID: <D1433E77-410E-44ED-9CB6-2CD341618E2B () oracle com>
Content-Type: text/plain; charset=windows-1252

On Apr 4, 2014, at 9:56 AM, John Dill <John.Dill () greenfieldeng com> wrote:

I also noticed a disabled_protos.[ch], so maybe there is a feature to
disable other protocols.  Is there a feature that could be used to hide
protocols I don't need in the Filter Expression (to reduce the list to
simplify the interface to users)?


No, I don't think there's a way to simplify what's in the Filter
Expression dialog short of removing dissectors from Wireshark (probably
more effort than it's worth).


The only reason would be to simplify the interface for test engineers who
like to streamline their process (it would remove the need to constantly
type the protocol abbreviation).  It would happen at the end of the
development cycle if at all.


Can?t you just create some filter macros [1] to do that for you?

[1] http://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html


That would work well for filter expressions that different test engineers
would commonly use.  However, there are hundreds of messages each ranging
from one to several hundred data elements that engineers would have to
browse to build their own expressions to begin with, and it really depends
on the types of tests they are doing, or troubleshooting new problems.
The Filter Expression dialog is the best place in Wireshark to locate the
data elements they are looking for, so it was mentioned as a "nice to have".

Since often times the test engineers (or really anyone) do not have
intimate knowledge of all the message traffic and memory of its exact
contents (unless you can memorize several thousand pages of reference
documents), much of the browsing happens in the Filter Expression dialog.

Best regards,
John Dill

<<winmail.dat>>

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

overriding dissector for port 8080 John Dill (Apr 03)
- Re: overriding dissector for port 8080 Alexis La Goutte (Apr 03)
- Re: overriding dissector for port 8080 Jeff Morriss (Apr 03)
- <Possible follow-ups>
- Re: overriding dissector for port 8080 John Dill (Apr 04)
  - Re: overriding dissector for port 8080 Hadriel Kaplan (Apr 04)
- Re: overriding dissector for port 8080 John Dill (Apr 04)
  - Re: overriding dissector for port 8080 Hadriel Kaplan (Apr 04)
- Re: overriding dissector for port 8080 John Dill (Apr 04)