Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Building feature reduced Wireshark?

From: Alex Lindberg <alindber@xxxxxxxxx>
Date: Tue, 5 Jan 2010 06:53:43 -0800 (PST)
Many users of Wireshark don't require all of the supported for their day-to-day tasks. Has any consideration been given to providing threw the build process, to select the protocols required by the builder?

In my case, I can't remember the last time I used any decode but the Ethernet/IP/TCP stack with VoIP, MEGACO and some custom dissectors. Token Ring, IPX, Vines, etc. don't have much use to me in my normal day. While this is not true of everyone, if I could build a reduced protocol Wireshark it would, among other things be:

  1. be smaller
  2. less code == lest chance of program faults
  3. less memory required
  4. faster to build

I could see a simple set of "classes" that each dissector would be placed prior to building.  By default all current dissectors would be either core or optional.

  1. core == required dissectors
  2. optional == Dissectors that enhance and provide additional information for core dissectors
  3. header _only_ == dissect only the "root" proto_tree and return.
  4. ignore == do not add to library, dll or plug-in tree.

Any thoughts anyone? Perhaps this capability exists, in that case I apologize.

Alex Lindberg