Hi, About the Enabled Protocols dialog, it looks like the User Guide was not updated for a while and this specific Heuristics topic would benefit to be more detailed. I am opening an issue to track this documentation update.
Le ven. 21 nov. 2025 à 10:21, Anders Broman <[email protected]> a écrit : > > The main concern I try to adress is when we have a large number of heuristics > trying to match on a large mumber of packets but making no match. > > As an example one of the dissectors switched to heuristics default off deals > with communication between a controler and a drone. Which must be a very rare > case. > > In the gui it is easy to turn all heuristics on or off. Making a selection is > more difficult as you would have to understand in what kind of environment > the protocols may be used. > > > > > Den fre 21 nov. 2025 09:49Guy Harris <[email protected]> skrev: >> >> On Nov 20, 2025, at 11:08 PM, Guy Harris <[email protected]> wrote: >> >> > Do we have any numbers on how much of a performance improvement results >> > form disabling all heuristics? >> >> ...bearing in mind that disabling those heuristics could speed up dissection >> *because packets aren't being dissected past a certain point*. >> >> E.g., testing with a large NFS capture (NFS is recognized by its ONC RPC >> program number, not by being on port 2049, and ONC RPC is recognized by >> heuristics) would probably show a speedup because neither the ONC RPC >> dissector nor the NFS dissector are called, regardless of time spent with >> heuristics that fail. >> >> Note, though, that the ONC RPC dissector sets the "conversation dissector" >> for the TCP connection or UDP "connection" to be the ONC RPC dissector once >> it recognizes an ONC RPC packet, so that dissection of subsequent packets >> shouldn't involve the heuristics. >> >> _______________________________________________ >> Wireshark-dev mailing list -- [email protected] >> To unsubscribe send an email to [email protected] > > _______________________________________________ > Wireshark-dev mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ Wireshark-dev mailing list -- [email protected] To unsubscribe send an email to [email protected]
