The user can control how protocols are dissected.
Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Wireshark tries to find the right dissector for each packet (using static “routes” and heuristics “guessing”), it might choose the wrong dissector in your specific case. For example, Wireshark won’t know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80.
There are two ways to control the relations between protocol dissectors: disable a protocol dissector completely or temporarily divert the way Wireshark calls the dissectors.
The Enabled Protocols dialog box lets you enable or disable specific protocols. All protocols are enabled by default. When a protocol is disabled, Wireshark stops processing a packet whenever that protocol is encountered.
Disabling a protocol will prevent information about higher-layer protocols from being displayed. For example, suppose you disabled the IP protocol and selected a packet containing Ethernet, IP, TCP, and HTTP information. The Ethernet information would be displayed, but the IP, TCP and HTTP information would not - disabling IP would prevent it and the other protocols from being displayed.
To enable or disable protocols select Figure 11.4, “The “Enabled Protocols” dialog box”.→ . Wireshark will pop up the “Enabled Protocols” dialog box as shown in
To disable or enable a protocol, simply click on it using the mouse or press the space bar when the protocol is highlighted. Note that typing the first few letters of the protocol name when the Enabled Protocols dialog box is active will temporarily open a search text box and automatically select the first matching protocol name (if it exists).
You must use thebutton to save your settings. The or buttons will not save your changes permanently and they will be lost when Wireshark is closed.
You can choose from the following actions:
The “Decode As” functionality lets you temporarily divert specific protocol dissections. This might be useful for example, if you do some uncommon experiments on your network.
Decode As is accessed by selecting the Figure 11.5, “The “Decode As” dialog box”.→ . Wireshark will pop up the “Decode As” dialog box as shown in
The content of this dialog box depends on the selected packet when it was opened.
These settings will be lost if you quit Wireshark or change profile unless you save the entries in the Show User Specified Decodes… windows (Section 11.4.3, “Show User Specified Decodes”).
This dialog box shows the currently active user specified decodes. These entries can be saved into current profile for later session.