Wireshark-dev: [Wireshark-dev] Re: Heuristic dissectors default on/off - selection?

From: Anders Broman <a.broman58@xxxxxxxxx>
Date: Wed, 19 Nov 2025 22:45:51 +0100
Protocol groups might help. Should be at least x(10?) dissectors or large ones.
Group Ideas:
Telco ( Better name? POTS, 2G, 3g etc)
File Storage ( DCE-RPC etc)
Car industry (ITS, CAN? ...
HomeAutomation ( Zigbee? ...
Bittorrent?
Games
...
Best regards
Anders


On Wed, 19 Nov 2025 at 22:04, John Thacker <johnthacker@xxxxxxxxx> wrote:
On Wed, Nov 19, 2025 at 3:59 PM Anders Broman <a.broman58@xxxxxxxxx> wrote:
The problem as I see it is that even if we have good heuristic detection, worst case we might try every heuristic against every packet in the trace and make no match. But if you have traces with, say, Thrift or suspected Thrift you can enable the Thrift heuristic. Now worst case is trying one heuristic for every packet.

Downside is you will have to know which heuristics to enable, otoh you can always enable all again.

There's a "No Reassembly" profile that is automatically generated by a Python scripts in the tools directory that disables all the reassembly related preferences. I think it would be helpful to have extra default profiles that target different levels of enabled heuristic dissectors. (A profile optimized for speed with very few enabled, only reliable ones, only ones you might see on the public Internet but not industrial protocols, etc.) I think that both inexperienced and experienced users alike might want to quickly switch between large numbers of heuristics enabled and disabled without having to do it individually. If I am trying to characterize a completely unknown capture where I don't know what is there I have a different use case than a network where I already have a good idea what to expect.

Cheers,
John
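To make the two proposals above concrete (Anders' protocol groups and John's generated profiles with different sets of heuristics enabled), here is an added example in Python; it is not code from the thread or from the Wireshark project. It assumes that a profile's heuristic state lives in a `heuristic_protos` file of `short_name,1` / `short_name,0` lines, and the heuristic short names and the group membership it uses are constructed placeholders, not verified Wireshark identifiers.

```python
"""Generate per-profile heuristic dissector lists from named protocol groups.

Added example, not from the mailing-list thread or the Wireshark project.
Assumptions (labelled here and in the lead-in):
  - Heuristic enable/disable state for a profile is stored in a file named
    `heuristic_protos`, one `short_name,1` or `short_name,0` line per heuristic.
  - The short names and group contents below are constructed placeholders.
"""
from __future__ import annotations

# Constructed grouping in the spirit of the "protocol groups" idea.
GROUPS: dict[str, list[str]] = {
    "telco": ["gsm_a_udp", "sctp_m3ua"],
    "file_storage": ["dcerpc_tcp", "smb_tcp"],
    "car": ["its_udp", "can_iso15765"],
    "home_automation": ["zigbee_udp"],
    "p2p": ["bittorrent_tcp", "bittorrent_udp"],
    "web": ["http_tcp", "thrift_tcp"],
}


def parse_heuristic_protos(text: str) -> dict[str, bool]:
    """Parse `short_name,0|1` lines. Blank lines and `#` comments are skipped;
    a malformed line raises rather than silently enabling or disabling anything."""
    state: dict[str, bool] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, flag = line.partition(",")
        if not sep or flag.strip() not in ("0", "1"):
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        state[name.strip()] = flag.strip() == "1"
    return state


def build_profile(enabled_groups: list[str],
                  baseline: dict[str, bool] | None = None) -> dict[str, bool]:
    """Return the heuristic state for a profile: every heuristic in GROUPS is on
    exactly when one of its groups is in `enabled_groups`; entries from `baseline`
    (e.g. an existing heuristic_protos file) that belong to no group are kept
    untouched. An empty `enabled_groups` yields the speed-optimised profile."""
    unknown = set(enabled_groups) - GROUPS.keys()
    if unknown:
        raise KeyError(f"unknown group(s): {sorted(unknown)}")
    state = dict(baseline or {})
    wanted = {name for group in enabled_groups for name in GROUPS[group]}
    for names in GROUPS.values():
        for name in names:
            state[name] = name in wanted
    return state


def render_heuristic_protos(state: dict[str, bool]) -> str:
    """Serialise state back into the assumed `short_name,0|1` line format."""
    return "".join(f"{name},{int(on)}\n" for name, on in sorted(state.items()))


def enabled_count(state: dict[str, bool]) -> int:
    """Upper bound on heuristics tried per packet when nothing matches."""
    return sum(1 for on in state.values() if on)


if __name__ == "__main__":
    # Constructed existing profile file: one user-added heuristic, Thrift off.
    existing = "custom_heur,1\n# comment line\nthrift_tcp,0\n"
    base = parse_heuristic_protos(existing)
    for label, groups in [("speed", []), ("internet", ["web", "p2p"]),
                          ("everything", list(GROUPS))]:
        state = build_profile(groups, baseline=base)
        print(f"--- {label}: {enabled_count(state)} heuristics enabled")
        print(render_heuristic_protos(state), end="")
```

Running it prints three candidate profiles; the interesting property is that `enabled_count` drops from the full set to two when only "web" and "p2p" are selected, which is the per-packet worst case the thread is concerned with.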
_______________________________________________
Wireshark-dev mailing list -- wireshark-dev@xxxxxxxxxxxxx
To unsubscribe send an email to wireshark-dev-leave@xxxxxxxxxxxxx