wireshark-dev October 2010 archive

Re: [Wireshark-dev] Stripping Dissectors from wireshark.

From: Hadriel Kaplan <HKaplan_at_nospam>
Date: Fri Oct 22 2010 - 14:32:01 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

In Wireshark, select "Analyze" -> "Enabled Protocols..." and uncheck everything you don't need. (Though you will need to keep the lower layers dissected - e.g., for HTTP you'd need to keep Ethernet, IP, TCP selected, and possibly IPv6, and of course HTTP and possibly SSL, etc.)

If all you want is HTTP, and only for port 80 or 443 or whatever, you could use a BPF capture filter to only capture the right packets to begin with - that'll speed it up.


On Oct 21, 2010, at 9:56 PM, rishab gupta wrote:

I want to speed up Wireshark. I am concerned with only the major protocols
such as HTTP. Will it be a good idea to remove the dissectors that serve
no purpose for me? If so how do I go about it, because every dissector
seems to have a lot of dependencies wrapped around it...
Any help will be much appreciated.

Rishabh Gupta


Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev