If you want to remove dissectors from Wireshark, then for each dissector you no longer want to be included with Wireshark, you'll have to reverse the process for adding a dissector as described in README.dissector and README.plugins.

For the built-in dissectors, this is a rather simple matter (at least in theory but doesn't account for dependencies if you remove a dissector that another one depends on) that basically involves removing the unwanted dissector(s) from the DISSECTOR_SRC. It's a little more involved to remove plugins, so refer to the README.plugins file for all the details.

Of course if you also want to remove pidl and/or asn1 dissectors, then you'll have to remove those dissectors from the PDL_DISSECTOR_SRC and/or ASN1_DISSECTOR_SRC, but it might be more involved than that. There are no README.pidl or README.asn1 files to go by; however there are the Pidl and Asn2wrs wiki pages, which may be of some help here.

As for continuously capturing, as mentioned in the comments to the question, your best bet is probably just to use dumpcap, tshark or tcpdump.
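The dependency caveat above can be checked before a file is dropped from DISSECTOR_SRC. The following is an added example, not part of the original answer or of the Wireshark source tree. It assumes the dissector sources sit in one directory as packet-*.c / packet-*.h, and it only detects two kinds of dependency: header includes and name lookups through `find_dissector()` / `find_dissector_add_dependency()`. The function name `dissector_dependents` is hypothetical.

```shell
#!/bin/sh
# Added example (not Wireshark project code): list other dissector sources
# that would be affected if FILE were removed from DISSECTOR_SRC.
# Assumption: DIR holds the dissectors as packet-*.c / packet-*.h.

# dissector_dependents DIR FILE
#   Prints "<file>: <reason>" per dependent; prints nothing if none is found.
dissector_dependents() {
    dir=$1; src=$2
    hdr="${src%.c}.h"
    [ -f "$dir/$src" ] || { echo "no such file: $dir/$src" >&2; return 2; }

    # Compile-time dependency: another dissector includes this one's header,
    # either as "packet-x.h" or with a path prefix inside "" or <>.
    if [ -f "$dir/$hdr" ]; then
        grep -l -E "#[[:space:]]*include[[:space:]]*[\"<]([^\">]*/)?${hdr}[\">]" \
            "$dir"/packet-*.c 2>/dev/null |
        while read -r f; do
            [ "$(basename "$f")" = "$src" ] ||
                echo "$(basename "$f"): includes $hdr"
        done
    fi

    # Run-time dependency: a name this file registers via register_dissector*()
    # is looked up by another file. Matching is on the exact quoted name.
    sed -n 's/.*register_dissector[a-z_]*("\([^"]*\)".*/\1/p' "$dir/$src" |
    sort -u |
    while read -r name; do
        grep -l -F -e "find_dissector(\"$name\"" \
                   -e "find_dissector_add_dependency(\"$name\"" \
            "$dir"/packet-*.c 2>/dev/null |
        while read -r f; do
            [ "$(basename "$f")" = "$src" ] ||
                echo "$(basename "$f"): looks up \"$name\""
        done
    done
    return 0
}
```

Empty output does not prove a dissector is safe to remove; dependencies through dissector tables or exported helper functions are not covered, so a full rebuild is still the real test.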
