Hi, When Wireshark tries to dissect sliced packets it displays errors/warnings for various protocol types for example SSL, SSH, OTV etc. Is there a way to suppress dissector errors/warning when packets is sliced/trimmed? If not can this be added as option? Thank you asked 16 Mar '17, 11:55 yakovd |
One Answer:
Codewise it's not easy to suppress the warnings, a dissector shouldn't try to check the packet length, just try to dissect it and get the malformed exception if it's too short. What you can do though, is create a profile and disable all dissectors except the one up to where you sliced, i.e. Ethernet, ip, tcp so that other dissectors aren't called. answered 16 Mar '17, 12:07 grahamb ♦ |