Have you looked at the various “tshark –G [report]”[1]
options?
For example:
“tshark -G heuristic-decodes | sort”
will get you a sorted listed of HD’s.
“tshark -G protocols”
will get you a list of all supported protocols.
Run “tshark -G help”
for all report types.
There are over 2000 Wireshark supported protocols, so if you only want such a small number of protocols enabled, I would suggest that you first use Wireshark
to disable all protocols via “Analyze -> Enabled Protocols -> Disable All”, and then enable only those specific 15 protocols you want enabled. That will create/update the
disabled_protos file in your Wireshark Personal Configuration folder that tshark should honor.
- Chris
[1]:
https://www.wireshark.org/docs/man-pages/tshark.html
From: Wireshark-users [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
On Behalf Of Marcin Nawrocki
Sent: Friday, January 5, 2018 9:15 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] List and Select Dissectors using Tshark
Hi all,
How do I...
-
...list all available Normal Dissectors (ND) with Tshark?
-
...list all available Heuristic Dissectors (HD) with Tshark?
-
...dissect a large PCAP using only a selection of ~15 ND/HD with Tshark?
Thank you and regards, Marcin
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.