This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to hide “Unknown” Protocol?

0

I checked only the Kerberos protocols in the "Enabled Protocols" list, but the "Capturing..." window shows a lot of "Unknown protocol" records. Is it possible to hide these records?

asked 13 Jan '11, 00:52

ateam
accept rate: 0%

edited 13 Jan '11, 00:53


One Answer:

0

The "Enabled Protocols" preference controls which protocols are attempted to be examined and dissected by Wireshark. Hence by unchecking all of those protocols, Wireshark's only option is to display all of those frames as being "unknown" as you have instructed it to not attempt to find out what they are.

To only capture Kerberos packets, specify an appropriate capture filter, such as "tcp port 88 or udp port 88" in the Capture options window.

Alternatively, you might choose to not filter during capture, and just apply a display filter after the fact, such as just plain "kerberos".

answered 13 Jan '11, 02:55

martyvis
accept rate: 7%