Bad example, that protocol is actually quite in use in games and some industrial applications ;-)
On Thu, Nov 20, 2025 at 20:48, John Thacker <[email protected]> wrote:

> Another group is "obsolete." I think even people skeptical about the idea
> in general are easily on board with the idea of disabling the Yahoo
> Messenger protocol that hasn't been a commercial protocol in well over a
> decade.
>
> On Thu, Nov 20, 2025, 2:46 PM Triton Circonflexe <[email protected]>
> wrote:
>
>> The profile-based presets look like a good approach.
>> How would these profiles get generated?
>> - Hard-coded lists?
>> - “Tags” in the dissectors indicating to which categories they belong?
>>
>> In any case, we can start with a few obvious sets like the “safe” one
>> proposed by John and most of the ones proposed by Anders (also not sure
>> about Bittorrent as a category, seems too specific).
>> I may suggest the "Web" category including the dissectors for the content
>> of the data since there’s not much heuristics between frame and HTTP.
>>
>>
>> On Wed, Nov 19, 2025 at 21:46, Anders Broman <[email protected]>
>> wrote:
>>
>>> Protocol groups might help. Should be at least x (10?) dissectors or
>>> large ones.
>>> Group Ideas:
>>> Telco (Better name? POTS, 2G, 3G etc.)
>>> File Storage (DCE-RPC etc.)
>>> Car industry (ITS, CAN? ...
>>> HomeAutomation (Zigbee? ...
>>> Bittorrent?
>>> Games
>>> ...
>>> Best regards
>>> Anders
>>>
>>>
>>> On Wed, Nov 19, 2025 at 22:04, John Thacker <[email protected]>
>>> wrote:
>>>
>>>> On Wed, Nov 19, 2025 at 3:59 PM Anders Broman <[email protected]>
>>>> wrote:
>>>>
>>>>> The problem as I see it is that even if we have good heuristic
>>>>> detection, worst case we might try every heuristic against every packet in
>>>>> the trace and make no match. But if you have traces with, say, Thrift or
>>>>> suspected Thrift you can enable the Thrift heuristic. Now worst case is
>>>>> trying one heuristic for every packet.
>>>>>
>>>>> Downside is you will have to know which heuristics to enable, otoh you
>>>>> can always enable all again.
>>>>>
>>>>
>>>> There's a "No Reassembly" profile that is automatically generated by a
>>>> Python script in the tools directory that disables all the reassembly
>>>> related preferences. I think it would be helpful to have extra default
>>>> profiles that target different levels of enabled heuristic dissectors. (A
>>>> profile optimized for speed with very few enabled, only reliable ones, only
>>>> ones you might see on the public Internet but not industrial protocols,
>>>> etc.) I think that both inexperienced and experienced users alike might
>>>> want to quickly switch between large numbers of heuristics enabled and
>>>> disabled without having to do it individually. If I am trying to
>>>> characterize a completely unknown capture where I don't know what is there
>>>> I have a different use case than a network where I already have a good idea
>>>> what to expect.
>>>>
>>>> Cheers,
>>>> John
>>>> _______________________________________________
>>>> Wireshark-dev mailing list -- [email protected]
>>>> To unsubscribe send an email to [email protected]
