This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

suppress dissector errors/warnings when packet is sliced

0

Hi, When Wireshark tries to dissect sliced packets it displays errors/warnings for various protocol types for example SSL, SSH, OTV etc. Is there a way to suppress dissector errors/warning when packets is sliced/trimmed? If not can this be added as option? Thank you

asked 16 Mar '17, 11:55

yakovd's gravatar image

yakovd
6334
accept rate: 0%


One Answer:

0

Codewise it's not easy to suppress the warnings, a dissector shouldn't try to check the packet length, just try to dissect it and get the malformed exception if it's too short.

What you can do though, is create a profile and disable all dissectors except the one up to where you sliced, i.e. Ethernet, ip, tcp so that other dissectors aren't called.

answered 16 Mar '17, 12:07

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%