Wireshark-dev: Re: [Wireshark-dev] how to remove/unregister a dissector?

From: George Nychis <gnychis@xxxxxxxxx>
Date: Tue, 26 Apr 2011 17:54:32 -0400
Hi Chris,

Thanks a bunch for the response. 

I have decided to disable certain protocols using a ~/.wireshark/disabled_protos file (which I confirmed is being read), however despite "smb" and other smb related protocols being in the disabled list, dissect_smb() is still called:

#10 0x00d3386f in dissect_smb (tvb=0x87f03a0, pinfo=0xbfffe95c, parent_tree=0x87d8810) at packet-smb.c:17016

does adding something to the disabled list just prevent it from being printed, but not from being dissected??

On Tue, Apr 26, 2011 at 2:57 PM, Chris Maynard <chris.maynard@xxxxxxxxx> wrote:
George Nychis <gnychis@...> writes:

> Another alternative, is to remove packet-smb* from the build.

In most cases, to remove unwanted protocol dissectors from the build, delete the
relevant packet-*.c files from epan/dissectors/Makefile.common's DISSECTOR_SRC.

Alternatively, you could just disable those protocols via "Analyze -> Enabled
Protocols", then uncheck all those that you don't want/need.  This method does
not require recompiling Wireshark, but it doesn't prevent someone from
re-enabling them again, so if you want to avoid that, then you'll have to
recompile it.



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe