The profile-based presets look like a good approach. How would these profiles get generated?
- Hard-coded lists?
- “Tags” in the dissectors indicating to which categories they belong?

In any case, we can start with a few obvious sets like the “safe” one proposed by John and most of the ones proposed by Anders (also not sure about Bittorrent as a category, seems too specific). I may suggest the "Web" category including the dissectors for the content of the data since there aren’t many heuristics between frame and HTTP.

On Wed, 19 Nov 2025 at 21:46, Anders Broman <[email protected]> wrote:

> Protocol groups might help. Should be at least x(10?) dissectors or large
> ones.
> Group Ideas:
> Telco (Better name? POTS, 2G, 3G etc)
> File Storage (DCE-RPC etc)
> Car industry (ITS, CAN? ...
> HomeAutomation (Zigbee? ...
> Bittorrent?
> Games
> ...
> Best regards
> Anders
>
>
> On Wed, 19 Nov 2025 at 22:04, John Thacker <[email protected]> wrote:
>
>> On Wed, Nov 19, 2025 at 3:59 PM Anders Broman <[email protected]>
>> wrote:
>>
>>> The problem as I see it is that even if we have good heuristic
>>> detection, worst case we might try every heuristic against every packet in
>>> the trace and make no match. But if you have traces with say Thrift or
>>> suspected Thrift you can enable the Thrift heuristic. Now worst case is
>>> trying one heuristic for every packet.
>>>
>>> Downside is you will have to know which heuristics to enable, otoh you
>>> can always enable all again.
>>>
>>
>> There's a "No Reassembly" profile that is automatically generated by a
>> Python script in the tools directory that disables all the reassembly
>> related preferences. I think it would be helpful to have extra default
>> profiles that target different levels of enabled heuristic dissectors. (A
>> profile optimized for speed with very few enabled, only reliable ones, only
>> ones you might see on the public Internet but not industrial protocols,
>> etc.) I think that both inexperienced and experienced users alike might
>> want to quickly switch between large numbers of heuristics enabled and
>> disabled without having to do it individually. If I am trying to
>> characterize a completely unknown capture where I don't know what is there
>> I have a different use case than a network where I already have a good idea
>> what to expect.
>>
>> Cheers,
>> John
>> _______________________________________________
>> Wireshark-dev mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>>
