Anyway to hide expert info

Question

I am trying to parse XMPP messages. Looks like some attribute/elements are unknown. For each this attribute/element, there is "expert info" next to it. It is kind of annoying and make hard to read the packet info. Following is a screen capture.

alt text

Is there any way to remove expert info from the display window?

Answer 1

0

No, there's no way to do that (short of modifying Wireshark's source code).

Can I ask why you'd want to?

answered 08 Feb '16, 11:08

JeffMorriss ♦
6.2k●5●72
accept rate: 27%

Just updated my question above.

(08 Feb '16, 11:24) yacare

In that case, and assuming that the highlighted fields actually are valid XMPP, I'd suggest opening an enhancement request (with a sample capture) asking Wireshark to correctly decode those fields (that is, make Wireshark understand them/decode them so it stops noting that it didn't understand/decode them).

(08 Feb '16, 11:29) JeffMorriss ♦

Answer 2

To answer my question, expert info will not be shown when wireshark runs in command line with tshark.

Frame 4045: 971 bytes on wire (7768 bits), 971 bytes captured (7768 bits)
Ethernet II, Src: f0:1c:2d:43:ee:27 (f0:1c:2d:43:ee:27), Dst: 5c:b9:01:8b:6f:3c (5c:b9:01:8b:6f:3c)
Internet Protocol Version 4, Src: 172.222.19.203 (172.222.19.203), Dst: 172.222.76.4 (172.222.76.4)
Transmission Control Protocol, Src Port: xmpp-server (5269), Dst Port: 40897 (40897), Seq: 34670, Ack: 18449, Len: 905
[2 Reassembled TCP Segments (2353 bytes): #4043(1448), #4045(905)]
XMPP Protocol
    XML HEADER VER. 1.0
    MESSAGE []
        from: [email protected]
        to: compute4/bgp-peer
        EVENT [xmlns="http://jabber.org/protocol/pubsub"]
            xmlns: http://jabber.org/protocol/pubsub
            ITEMS [node="1/1/default-domain:admin:VRF_TEST:VRF_TEST"]
                node: 1/1/default-domain:admin:VRF_TEST:VRF_TEST
                ITEM [id="1.2.3.6/32"]
                    id: 1.2.3.6/32