Re: protocols to keep enabled?

[Lee <ler762 () gmail com>]

Hi,

On 11/30/16, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
> Hi,
>
> In a perfect world everything would be deterministic, every service would
> use
> it's designated transport protocol port, no confusion ever about what
> protocol is used.
>
> In the real world things are 'a bit messy'. So Wireshark is trying to do its
> best to make sense of it all and show you as much as possible. But sometimes
> it gets it wrong. As you say there are some solutions to it, but which one are
> right for everyone?

I'm not trying to get the defaults changed or anything; I'm just
asking if there's some documentation somewhere for which protocols are
"safe" to disable if you're using only say ethernet.  Right now, I'm
guessing I won't see a bluetooth anything coming in on an ethernet
connection.  Same for X.25, ISDN, ATM, HDCL, GSM maybe?  and what
else??

> That's an impossible question since Wireshark is used in so
> many different environments. You may be disabling bluetooth protocols, but
> if you ask Michal Labedzki he has them enabled, day and night.

I wasn't going to go there, but
has anyone seen a 3Com XNS encapsulation packet in the last 10 years?
UTS?
ISDN?
ATM?

I'm wondering about the cost in terms of memory and cpu usage in
wireshark for having all those protocols enabled by default.

Thanks,
Lee


> So in short, there are no hard and fast rules about this. Setup a profile
> and
> tune that to fit your situation as good as possible. That's the best advice
> I can give.
>
> Thanks,
> Jaap
>
>
> On 30-11-16 17:20, Lee wrote:
> > Is there a write-up somewhere showing which protocols should be
> > enabled for different scenarios?
> >
> > I did a capture & the source picked tcp port 4556 for sending so
> > wireshark decides it's "tcp bundle" protocol and displays much
> > garbage.
> > Analyze / Enabled Protocols
> > remove the checkmark next to Bundle
> > click on Save
> >
> > and garbage goes away :)   But while I was there I noticed about 500
> > lines of Bluetooth GATT protocols; I'm guessing that I'm not going to
> > be looking at any bluetooth anything, so _way_ too many clicks later
> > all that is turned off.  Any recommendations on what else should be
> > turned off?
> >
> > Thanks,
> > Lee
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe