Wireshark mailing list archives
Re: protocols to keep enabled?
From: Lee <ler762 () gmail com>
Date: Wed, 30 Nov 2016 19:47:28 -0500
Hi, On 11/30/16, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
Hi, In a perfect world everything would be deterministic, every service would use its designated transport protocol port, no confusion ever about what protocol is used. In the real world things are 'a bit messy'. So Wireshark is trying to do its best to make sense of it all and show you as much as possible. But sometimes it gets it wrong. As you say there are some solutions to it, but which ones are right for everyone?
I'm not trying to get the defaults changed or anything; I'm just asking if there's some documentation somewhere for which protocols are "safe" to disable if you're using only, say, ethernet. Right now, I'm guessing I won't see a bluetooth anything coming in on an ethernet connection. Same for X.25, ISDN, ATM, HDLC, GSM maybe? and what else??
That's an impossible question since Wireshark is used in so many different environments. You may be disabling bluetooth protocols, but if you ask Michal Labedzki he has them enabled, day and night.
I wasn't going to go there, but has anyone seen a 3Com XNS encapsulation packet in the last 10 years? UTS? ISDN? ATM? I'm wondering about the cost in terms of memory and cpu usage in wireshark for having all those protocols enabled by default.
Thanks,
Lee
So in short, there are no hard and fast rules about this. Set up a profile and tune that to fit your situation as well as possible. That's the best advice I can give.
Thanks,
Jaap
On 30-11-16 17:20, Lee wrote:
Is there a write-up somewhere showing which protocols should be enabled for different scenarios? I did a capture & the source picked tcp port 4556 for sending so wireshark decides it's "tcp bundle" protocol and displays much garbage.
Analyze / Enabled Protocols
remove the checkmark next to Bundle
click on Save
and garbage goes away :)
But while I was there I noticed about 500 lines of Bluetooth GATT protocols; I'm guessing that I'm not going to be looking at any bluetooth anything, so _way_ too many clicks later all that is turned off. Any recommendations on what else should be turned off?
Thanks,
Lee