Wireshark mailing list archives
Re: Setting to disable all expert info
From: "Sultan, Hassan via Wireshark-dev" <wireshark-dev () wireshark org>
Date: Wed, 2 Aug 2017 21:23:50 +0000
Thanks for the link Pascal, I wasn't aware of it. I'll look up how tshark does and try to replicate that.
-----Original Message----- From: Pascal Quantin [mailto:pascal.quantin () gmail com] Sent: Wednesday, August 02, 2017 1:05 PM To: Developer support list for Wireshark <wireshark-dev () wireshark org> Cc: Sultan, Hassan <sultah () amazon com> Subject: Re: [Wireshark-dev] Setting to disable all expert info 2017-08-02 22:00 GMT+02:00 Sultan, Hassan via Wireshark-dev <wireshark- dev () wireshark org <mailto:wireshark-dev () wireshark org> >: Here's my scenario : I am planning on using the Wireshark parsing engine in two ways : 1) process massively large captures 2) process live traffic, hopefully in the long term in a permanent manner once the memory growth of the engine can be controlled Did you have a look at https://blog.wireshark.org/2014/07/to-infinity-and- beyond-capturing-forever-with-tshark/ ? In both cases, my automation does not care about any experts at all, it only needs the field information (length/offset/name/hierarchy/encoding...) so these experts are consuming memory for nothing in our case. As Wireshark evolves, new dissectors get added, which might add new experts, and not having a global setting to turn them off would force us to repeatedly search for new experts appearing, which is not a great experience. Now granted, I haven't done measurements on how much memory they consume, the current experts might not represent much, but it's hard to judge when experts can appear in any new dissector, one could appear tomorrow that significantly alters that. Indeed they probably do not represent much compared to all the fields registered by dissectors. Moreover you are the first one I remember asking for such a feature. Like Jaap, I do not think this is a good move as of today. Thanks, Hassan > -----Original Message----- > From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org <mailto:wireshark-dev-bounces () wireshark org> ] On Behalf > Of Jaap Keuter > Sent: Wednesday, August 02, 2017 11:59 AM > To: Sultan, Hassan via Wireshark-dev <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org> > > Subject: Re: [Wireshark-dev] Setting to disable all expert info > > Are we going to be picking off features one by one to get the memory footprint > down? Then I see a long list of preference settings growing from this. Not > something I look forward to. > > > On 02-08-17 20:43, Sultan, Hassan via Wireshark-dev wrote: > > Hi, > > > > > > > > Am I right in my understanding that there is no global way of > > disabling insertion of expert information ? > > > > > > > > Assuming I’m correct, would anyone object to me adding that setting ? > > That would be another way of lowering memory footprint. > > > > > > > > Thx, > > > > > > > > Hassan > > > > > _________________________________________________________________ > __________ > Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org> > > Archives: https://www.wireshark.org/lists/wireshark-dev <https://www.wireshark.org/lists/wireshark-dev> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark- dev <https://www.wireshark.org/mailman/options/wireshark-dev> > mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org> ?subject=unsubscribe __________________________________________________________ _________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org> > Archives: https://www.wireshark.org/lists/wireshark-dev <https://www.wireshark.org/lists/wireshark-dev> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark- dev <https://www.wireshark.org/mailman/options/wireshark-dev> mailto:wireshark-dev-request () wireshark org <mailto:wireshark- dev-request () wireshark org> ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Setting to disable all expert info Sultan, Hassan via Wireshark-dev (Aug 02)
- Re: Setting to disable all expert info Jaap Keuter (Aug 02)
- Re: Setting to disable all expert info Sultan, Hassan via Wireshark-dev (Aug 02)
- Re: Setting to disable all expert info Pascal Quantin (Aug 02)
- Re: Setting to disable all expert info Guy Harris (Aug 02)
- Re: Setting to disable all expert info Dario Lombardo (Aug 04)
- Re: Setting to disable all expert info Sultan, Hassan via Wireshark-dev (Aug 02)
- Re: Setting to disable all expert info Sultan, Hassan via Wireshark-dev (Aug 02)
- Re: Setting to disable all expert info Jaap Keuter (Aug 02)