Hi, When Wireshark tries to dissect sliced packets it displays errors/warnings for various protocol types for example SSL, SSH, OTV etc. Is there a way to suppress dissector errors/warning when packets is sliced/trimmed? If not can this be added as option? Thank you

asked 16 Mar, 11:55

yakovd's gravatar image

yakovd
62
accept rate: 0%


Codewise it's not easy to suppress the warnings, a dissector shouldn't try to check the packet length, just try to dissect it and get the malformed exception if it's too short.

What you can do though, is create a profile and disable all dissectors except the one up to where you sliced, i.e. Ethernet, ip, tcp so that other dissectors aren't called.

link

answered 16 Mar, 12:07

grahamb's gravatar image

grahamb ♦
18.6k328196
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×594
×1
×1

Asked: 16 Mar, 11:55

Seen: 78 times

Last updated: 16 Mar, 12:07

p​o​w​e​r​e​d by O​S​Q​A