This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Disabling protocols via tshark command line

0

I am using tshark with matlab so that we can analyze the data in matlab. I recently had a problem where a UDP "blob" message was being decoded as an GVSP message, and in some instances the Field "data" was not being returned in the tshark decode. I eventually discovered that if I turned off the GVSP protocol in wireshark that the tshark decoding then worked.

Since I deliver the matlab that calls the tshark to "clients", it would be nice if I didn't have to also tell them to disable GVSP. I also deliver this to clients on both Linux and windows who may have totally different versions of wire shark installed, so to build a configuration that has GVSP disabled would be problematic.

So to get to the question is there a way that I can just define on the command line that I want all UDP messages to be decoded as UDP and nothing else?

Thanks Mark

asked 31 Jan '17, 06:13

petschek's gravatar image

petschek
6112
accept rate: 0%

One Answer:

0

From the tshark man page:

--disable-protocol <proto_name>

Disable dissection of proto_name.</code></pre><p>If the version of Wireshark is too old and doesn't support this option, you could add <code>gvsp</code> to the <code>disabled_protos</code> file located in the Wireshark <em>"Personal configuration"</em> folder.</p><p>But since that changes the users' configuration, perhaps a better alternative is for you to create a separate <em>"matlab"</em> Wireshark <a href="https://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html">profile</a> and ask your users to copy it to their <em>"Personal configuration"</em> profiles directory, which would only need to be done once. That profile could disable all protocols except for only those that you want enabled. After that, you can just run <code>tshark</code> with the <code>[ -C configuration profile ]</code> option. All other profiles would be unaffected.</p></div><div class="answer-controls post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>answered <strong>31 Jan '17, 07:50</strong></p><img src="https://secure.gravatar.com/avatar/55158e2322c4e365a5e0a4a0ac3fbcef?s=32&amp;d=identicon&amp;r=g" class="gravatar" width="32" height="32" alt="cmaynard&#39;s gravatar image" /><p><span>cmaynard ♦♦</span><br />



9.4k1038142

accept rate: 20%