Ask Your Question
0

How to know which protocols were used to parse some packet

asked 2019-06-03 17:16:23 +0000

e271p314 gravatar image

updated 2019-06-03 17:18:34 +0000

All protocols are enabled, I look on the first packet and I see 4 layers

>Frame1...
>Linux cooked capture
>IPv4
>TCP

I want to control better the protocols and to enable only the minimal set but I don't know the names of the protocols in the layers. Can I know the protocols names by enabling all, and figure out the protocol names that need to be enabled? For instance can you tell the protocol names as they appear under Analyze->Enabled Protocols for the first two layers? Is it even possible to see this packet with only 4 protocols enabled?

edit retag flag offensive close merge delete

Comments

What are you trying to achieve by "enabling the minimum set"? While the code for the dissector for a protocol will be in the binary, it won't consume any extra CPU cycles or memory if that protocol isn't present in a capture (not withstanding heuristic dissectors).

grahamb gravatar imagegrahamb ( 2019-06-03 17:28:24 +0000 )edit

I suspect the packet is not parsed correctly and I want to limit the enabled protocols to minimum in order to be sure what protocols were used to parse the packet, it is not about CPU or system resources

e271p314 gravatar imagee271p314 ( 2019-06-03 17:33:31 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-03 17:52:03 +0000

grahamb gravatar image

So you want to print out the protocols in a frame? If so, maybe use tshark with the -T fields option and select the field -e frame.protocols, e.g.

tshark -r capture.pcap -T fields -e frame.number -e frame.protocols
edit flag offensive delete link more

Comments

Yes, you helped, I got this sll:ethertype:ip:tcp after some trial and error I managed to see this packet with only 3 protocols enabled SLL, IPv4 and TCP

e271p314 gravatar imagee271p314 ( 2019-06-03 19:01:42 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-06-03 17:16:23 +0000

Seen: 351 times

Last updated: Jun 03 '19

Related questions

Proprietary CAN dissector - dissector is never called

I built wireshark 2.5.0 however there are no dissectors in the epan/dissector directory, there are in the wireshark source directory copied with Git

Testing Lua Dissectors [closed]

When is the next planned official release for Wireshark 2.9

Is there a simple LUA script as an example for simple pcaps?

MATE Protocol weirdness [closed]

Setting a field optional when registering the header? (possible?)

how to precompile and use precompiled lua dissectors

Dissector doesn't do anything

How to leave only the dissectors of signaling protocols?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2