Hi All, How to disable/enable the protocols using tshark commands? Could you tell me the ASAP. Regards, Swathi. asked 14 Mar '16, 02:26  swathi jakkam |
One Answer:
Assuming you use Wireshark 2.0.x, you can use the --disable-protocol option as found in the man page. You can also manually edit the disabled_protos file as described in the same man page. It is applicable fro all Wireshark releases as far as I know. answered 14 Mar '16, 03:23  Pascal Quantin edited 14 Mar '16, 06:50 |
In the context of your other recent questions, I suspect you are actually seeking ways to reduce the amount of data which Tshark has to process so that you would be able to handle longer (in terms of time) captures. Is this suspicion correct?