The user can control how protocols are dissected.
Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Wireshark tries to find the right dissector for each packet (using static "routes" and heuristics "guessing"), it might choose the wrong dissector in your specific case. For example, Wireshark won't know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80.
There are two ways to control the relations between protocol dissectors: disable a protocol dissector completely or temporarily divert the way Wireshark calls the dissectors.
The Enabled Protocols dialog box lets you enable or disable specific protocols, all protocols are enabled by default. When a protocol is disabled, Wireshark stops processing a packet whenever that protocol is encountered.
![[Note]](/file/23802/PCWorld_2007-09_cd.bin/v cisle/wireshark/wireshark-setup-0.99.6a.exe/user-guide.chm/wsug_chm/wsug_graphics/note.png) | Note! |
|---|---|
Disabling a protocol will prevent information about higher-layer protocols from being displayed. For example, suppose you disabled the IP protocol and selected a packet containing Ethernet, IP, TCP, and HTTP information. The Ethernet information would be displayed, but the IP, TCP and HTTP information would not - disabling IP would prevent it and the other protocols from being displayed. |
To disable or enable a protocol, simply click on it using the mouse or press the space bar when the protocol is highlighted.
![[Warning]](/file/23802/PCWorld_2007-09_cd.bin/v cisle/wireshark/wireshark-setup-0.99.6a.exe/user-guide.chm/wsug_chm/wsug_graphics/warning.png) | Warning! |
|---|---|
You have to use the Save button to save your settings. The OK or Apply buttons will not save your changes permanently, so they will be lost when Wireshark is closed. |
You can choose from the following actions:
Enable All Enable all protocols in the list.
Disable All Disable all protocols in the list.
Invert Toggle the state of all protocols in the list.
OK Apply the changes and close the dialog box.
Apply Apply the changes and keep the dialog box open.
Save Save the settings to the disabled_protos, see AppendixáA, Files and Folders for details.
Cancel Cancel the changes and close the dialog box.
The "Decode As" functionality let you temporarily divert specific protocol dissections. This might be useful for example, if you do some uncommon experiments on your network.
The content of this dialog box depends on the selected packet when it was opened.
| Warning! |
|---|---|
The user specified decodes can not be saved. If you quit Wireshark, these settings will be lost. |
Decode Decode packets the selected way.
Do not decode Do not decode packets the selected way.
Link/Network/Transport Specify the network layer at which "Decode As" should take place. Which of these pages are available, depends on the content of the selected packet when this dialog box was opened.
Show Current Open a dialog box showing the current list of user specified decodes.
OK Apply the currently selected decode and close the dialog box.
Apply Apply the currently selected decode and keep the dialog box open.
Cancel Cancel the changes and close the dialog box.
