
Wireshark-dev: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Mon, 13 Jul 2015 16:03:53 +0200


On 13 Jul 2015 3:32 PM, <mmann78@xxxxxxxxxxxx> wrote:
>
> I thought somebody might complain about something like this, but I was more focused on the Wireshark (packet) context menu, where I was less inclined to make changes. This however seems like a more valid use case to consider. My question back would be - what "string" should be used by tshark? The "display name" can have some undesirable characters in it from a command line perspective (i.e. probably require quotes), and the "internal" short name string isn't otherwise exposed for users to learn what it is.
> Should the "short name" be exposed on the tabbed dialog so users can learn it to apply it to a (new) tshark option?
>  

I think we should expose the short name to users.
Preferences have their internal name displayed in a pop-up. We could either do the same, or have the internal name explicitly displayed in a column.
Should the enabled / disabled heuristic protocol given in the command line be ephemeral or persistent? I believe it should be the former, like the DL mapping value you can indicate manually in the command line and that does not get stored.

Pascal.

>  
>  
> -----Original Message-----
> From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
> To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Sent: Mon, Jul 13, 2015 9:21 am
> Subject: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector
>
>
> On 13 Jul 2015 3:03 AM, <mmann78@xxxxxxxxxxxx> wrote:
> >
> > With:
> >  
> > https://code.wireshark.org/review/9508/
> > https://code.wireshark.org/review/9610/
> > (and already submitted https://code.wireshark.org/review/9602/)
> >  
> > I consider this "feature complete enough for now".  If Qt wants to provide a better "user interface" for "heuristics in general", it certainly has some flexibility to do so.  Unless there are major issues/comments, I'll submit in a few days (presuming all pass Petri-Dish)
> Hi Michael,
> Sorry I come late in the discussion. I do not have access to a computer right now so I cannot easily look at the patch (the latest Gerrit diff page is rather smartphone unfriendly) but is there a way to activate heuristic dissectors from tshark / wireshark command line? I use an external tool launching both programs with the right command line and it would be a real functionality loss if it could not be done anymore.
> Note that I consider your overall goal as a good achievement (it was frustrating not to be able to deactivate easily some weak heuristics) but I would dislike losing the ability to activate on demand a given heuristic that is deactivated by default for performance reasons.
> Pascal.
>  
>