Protocol groups might help. Should be at least x(10?) dissectors or large ones. Group Ideas: Telco ( Better name? POTS, 2G, 3g etc) File Storage ( DCE-RPC etc) Car industry (ITS, CAN? ... HomeAutomation ( Zigbee? ... Bittorrent? Games ... Best regards Anders
Den ons 19 nov. 2025 kl 22:04 skrev John Thacker <[email protected]>: > On Wed, Nov 19, 2025 at 3:59 PM Anders Broman <[email protected]> > wrote: > >> The problem as I see it is that even if we have good heurustic detection. >> Worst case we might try every heurustic against every packet in the trace >> and make no match. But if you have traces with say trift or suspected trift >> you can enable the trift heuristic. Now worst case is trying one heuristic >> for every packet. >> >> Downside is you will have to know which heuristics to enable, otoh you >> can always enable all again. >> > > There's a "No Reassembly" profile that is automatically generated by a > Python scripts in the tools directory that disables all the reassembly > related preferences. I think it would be helpful to have extra default > profiles that target different levels of enabled heuristic dissectors. (A > profile optimized for speed with very few enabled, only reliable ones, only > ones you might see on the public Internet but not industrial protocols, > etc.) I think that both inexperienced and experienced users alike might > want to quickly switch between large numbers of heuristics enabled and > disabled without having to do it individually. If I am trying to > characterize a completely unknown capture where I don't know what is there > I have a different use case than a network where I already have a good idea > what to expect. > > Cheers, > John > _______________________________________________ > Wireshark-dev mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Wireshark-dev mailing list -- [email protected] To unsubscribe send an email to [email protected]
