User Guide
9.4. Control Protocol dissection
The user can control how protocols are dissected.
Each protocol has its own dissector, so dissecting a complete packet will typically involve several
dissectors. As Wireshark tries to find the right dissector for each packet (using static "routes" and
heuristics "guessing"), it might choose the wrong dissector in your specific case. For example, Wire-
shark won't know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on
TCP port 800 instead of the standard port 80.
There are two ways to control the relations between protocol dissectors: disable a protocol dissector
completely or temporarily divert the way Wireshark calls the dissectors.
9.4.1. The "Enabled Protocols" dialog box
The Enabled Protocols dialog box lets you enable or disable specific protocols, all protocols are en-
abled by default. When a protocol is disabled, Wireshark stops processing a packet whenever that
protocol is encountered.
Note!
Disabling a protocol will prevent information about higher-layer protocols from being
displayed. For example, suppose you disabled the IP protocol and selected a packet
containing Ethernet, IP, TCP, and HTTP information. The Ethernet information would
be displayed, but the IP, TCP and HTTP information would not - disabling IP would
prevent it and the other protocols from being displayed.
Figure 9.5. The "Enabled Protocols" dialog box
Customizing Wireshark
163