Some binary analysis tools have a scan/deep scan feature for slower, memory-intensive and time-consuming analysis. Perhaps Wireshark might benefit from that?
I agree that a scan against heuristics with every load as it currently does has quite some performance impact and might be undesirable, but perhaps it might be more user-friendly to have a 'deep scan' feature that users can press/toggle (but default off) when they want to see if there is any match against any known protocol?

On Fri, 21 Nov 2025, 08:08, Guy Harris <[email protected]> wrote:

> On Nov 19, 2025, at 6:53 AM, Anders Broman <[email protected]> wrote:
>
> > Should heuristic (udp/tcp) be default off to speed up dissection of larger files? Or
> > should we just disable the more unusual ones?
>
> I'd vote for "disable the more unusual ones" - or "have profiles that disable the ones unlikely to be used in that context".
>
> ONC RPC, for example, has some pretty good heuristics, and, at least at one point, was fairly common, even for protocols that, unlike portmap/NFS, don't have ports assigned to them (e.g., YP/NIS). I'd leave that one enabled.
>
> Do we have any numbers on how much of a performance improvement results from disabling all heuristics?
> _______________________________________________
> Wireshark-dev mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
