# Revision history [back]

### Disabling all protocols above TCP in tshark

Hey,

I'm using tshark to analyze some TCP that has no specified protocol, and am using the following filters:

not _ws.malformed and tcp and not tcp.analysis.retransmission and not tcp.analysis.fast_retransmission

I saw that some packets are missing from the stream, and after some investigation, I found out that *shark thinks that this packet (or stream) is IRC for some reason, and that the missing packets are malformed.

I know for certain that this stream does not contain IRC (it is the output of hexdump piped into nc)

How can I tell tshark to not decode any protocol above TCP?

### Disabling all protocols above TCP in tshark

Hey,

I'm using tshark to analyze some TCP that has no specified protocol, and am using the following filters:

not _ws.malformed and tcp and not tcp.analysis.retransmission and not tcp.analysis.fast_retransmission

I saw that some packets are missing from the stream, and after some investigation, I found out that *shark thinks that this packet (or stream) is IRC for some reason, and that the missing packets are malformed.

I know for certain that this stream does not contain IRC (it is the output of hexdump piped into nc)

How can I tell tshark to not decode any protocol above TCP?TCP? Alternatively, is there another way to check for malformed packets, but with regards to TCP or lower layers only?

### Disabling all protocols above TCP in tshark

Hey,

I'm using tshark to analyze some TCP that has no specified protocol, and am using the following filters:

not _ws.malformed and tcp and not tcp.analysis.retransmission and not tcp.analysis.fast_retransmission

I saw that some packets are missing from the stream, and after some investigation, I found out that *shark thinks that this packet (or stream) is IRC for some reason, reason (EDIT: It is because of the port number), and that the missing packets are malformed.

I know for certain that this stream does not contain IRC (it is the output of hexdump piped into nc)

How can I tell tshark to not decode any protocol above TCP? Alternatively, is there another way to check for malformed packets, but with regards to TCP or lower layers only?