 | 1 | initial version |
The transum protocol is disabled by default.
/* Due to performance concerns of the dissector, it's disabled by default */
proto_disable_by_default(proto_transum);
In the tshark man page, there is a small section "Disabled (Enabled) Protocols" which describes the disabled_protos file.
You could move transum from disabled_protos to enabled_protos or enable on the command line:
C:\>tshark -r ./dcerpc_retrans.pcapng -2 -T fields -e transum.art -Y transum.art C:\>tshark -r ./dcerpc_retrans.pcapng -2 -T fields -e transum.art -Y transum.art --enable-protocol transum 0.325236000 0.322582000
There is an open issue (17604: tshark -G reports: add to heuristic-decodes, protocols) to add protocol status to tshark -G protocols.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.