####### Capture ######## # Default capture device # A string #capture.device: # Interface link-layer header types (Ex: en0(1),en1(143),...) # A string #capture.devices_linktypes: # Interface descriptions (Ex: eth0(eth0 descr),eth1(eth1 descr),...) # A string #capture.devices_descr: # Hide interface? (Ex: eth0,eth3,...) # A string #capture.devices_hide: # By default, capture in monitor mode on interface? (Ex: eth0,eth3,...) # A string #capture.devices_monitor_mode: # Interface buffer size (Ex: en0(1),en1(143),...) # A string #capture.devices_buffersize: # Interface snap length (Ex: en0(65535),en1(1430),...) # A string #capture.devices_snaplen: # Interface promiscuous mode (Ex: en0(0),en1(1),...) # A string #capture.devices_pmode: # Capture in promiscuous mode? # TRUE or FALSE (case-insensitive) #capture.prom_mode: TRUE # Interface capture filter (Ex: en0(tcp),en1(udp),...) # A string #capture.devices_filter: # Capture in pcapng format? # TRUE or FALSE (case-insensitive) #capture.pcap_ng: TRUE # Update packet list in real time during capture? # TRUE or FALSE (case-insensitive) #capture.real_time_update: TRUE # Disable external capture modules (extcap) # TRUE or FALSE (case-insensitive) #capture.no_extcap: FALSE # Scroll packet list during capture? # TRUE or FALSE (case-insensitive) #capture.auto_scroll: TRUE # Show capture info dialog while capturing? # TRUE or FALSE (case-insensitive) #capture.show_info: FALSE ####### Name Resolution ######## # Resolve Ethernet MAC addresses to host names from the preferences or system's Ethers file, or to a manufacturer based name. # TRUE or FALSE (case-insensitive) #nameres.mac_name: TRUE # Resolve TCP/UDP ports into service names # TRUE or FALSE (case-insensitive) #nameres.transport_name: FALSE # Resolve IPv4, IPv6, and IPX addresses into host names. The next set of check boxes determines how name resolution should be performed. If no other options are checked name resolution is made from Wireshark's host file, capture file name resolution blocks and DNS packets in the capture. # TRUE or FALSE (case-insensitive) #nameres.network_name: FALSE # Whether address/name pairs found in captured DNS packets should be used by Wireshark for name resolution. # TRUE or FALSE (case-insensitive) #nameres.dns_pkt_addr_resolution: TRUE # Use your system's configured name resolver (usually DNS) to resolve network names. Only applies when network name resolution is enabled. # TRUE or FALSE (case-insensitive) #nameres.use_external_name_resolver: TRUE # The maximum number of DNS requests that may be active at any time. A large value (many thousands) might overload the network or make your DNS server behave badly. # A decimal number #nameres.name_resolve_concurrency: 500 # By default "hosts" files will be loaded from multiple sources. Checking this box only loads the "hosts" in the current profile. # TRUE or FALSE (case-insensitive) #nameres.hosts_file_handling: FALSE # Resolve VLAN IDs to network names from the preferences "vlans" file. Format of the file is: "IDName". One line per VLAN, e.g.: 1 Management # TRUE or FALSE (case-insensitive) #nameres.vlan_name: FALSE # Resolve SS7 Point Codes to node names from the profiles "ss7pcs" file. Format of the file is: "Network_IndicatorPC_DecimalName". One line per Point Code, e.g.: 2-1234 MyPointCode1 # TRUE or FALSE (case-insensitive) #nameres.ss7_pc_name: FALSE # Resolve Object IDs to object names from the MIB and PIB modules defined below. You must restart Wireshark for this change to take effect # TRUE or FALSE (case-insensitive) #nameres.load_smi_modules: FALSE # While loading MIB or PIB modules errors may be detected, which are reported. Some errors can be ignored. If unsure, set to false. # TRUE or FALSE (case-insensitive) #nameres.suppress_smi_errors: FALSE ####### Protocols ######## aim.desegment: FALSE aol.desegment: FALSE atp.desegment: FALSE bzr.desegment: FALSE bgp.desegment: FALSE bitcoin.desegment: FALSE bittorrent.desegment: FALSE bthci_acl.hci_acl_reassembly: FALSE bmp.desegment: FALSE c1222.desegment: FALSE capwap.reassemble: FALSE cast.reassembly: FALSE cflow.desegment: FALSE clnp.reassemble: FALSE cmp.desegment: FALSE cops.desegment: FALSE cotp.reassemble: FALSE couchbase.desegment_pdus: TRUE db-lsp.desegment_pdus: TRUE dcerpc.desegment_dcerpc: TRUE dcerpc.reassemble_dcerpc: TRUE dhcpfo.desegment: TRUE #dhcpv6.bulk_leasequery.desegment: TRUE diameter.desegment: TRUE dicom.pdv_reassemble: FALSE distcc.desegment_distcc_over_tcp: FALSE djiuav.desegment: FALSE dnp3.desegment: FALSE dns.desegment_dns_messages: TRUE drda.desegment: FALSE dsi.desegment: FALSE edonkey.desegment: FALSE enip.desegment: FALSE fc.reassemble: TRUE fcip.desegment: TRUE fix.desegment: TRUE gadu-gadu.desegment: FALSE gearman.desegment: FALSE ged125.desegment_body: FALSE giop.desegment_giop_messages: TRUE giop.reassemble: TRUE git.desegment: TRUE grpc.streaming_reassembly_mode: TRUE gryphon.desegment: FALSE gsm_sms.reassemble: TRUE gsm_sms.reassemble_with_lower_layers_info: TRUE gss-api.gssapi_reassembly: FALSE h225.reassembly: TRUE h245.reassembly: TRUE h501.desegment: TRUE h248.desegment: TRUE hart_ip.desegment: TRUE hzlcst.desegment: TRUE hpfeeds.desegment_hpfeeds_messages: FALSE http.desegment_headers: TRUE http.desegment_body: TRUE ifcp.desegment: FALSE ilp.desegment_ilp_messages: FALSE ipdc.desegment_ipdc_messages: FALSE iscsi.desegment_iscsi_messages: FALSE isns.desegment: FALSE jxta.desegment: FALSE kpasswd.desegment: TRUE kerberos.desegment: TRUE lg8979.desegment: FALSE lapdm.reassemble: TRUE laplink.desegment_laplink_over_tcp: TRUE ldap.desegment_ldap_messages: TRUE ldp.desegment_ldp_messages: TRUE memcache.desegment_headers: TRUE memcache.desegment_pdus: TRUE mbrtu.desegment: FALSE mbtcp.desegment: FALSE mq.desegment: TRUE mq.reassembly: TRUE mysql.desegment_buffers: TRUE nasdaq_soup.desegment: TRUE nbd.desegment_nbd_messages: FALSE nbss.desegment_nbss_commands: FALSE ncp.desegment: FALSE ndmp.desegment: FALSE ndps.desegment_tcp: FALSE ndps.desegment_spx: FALSE netsync.desegment_netsync_messages: FALSE opa.mad.reassemble_rmpp: FALSE openflow.desegment: FALSE openwire.desegment: FALSE opsi.desegment_opsi_messages: FALSE rtse.reassemble: FALSE idmp.desegment_idmp_messages: FALSE idmp.reassemble: FALSE p_mul.reassemble: FALSE pn_rt.desegment: FALSE pop.desegment_data: TRUE ppi.reassemble: FALSE pvfs.desegment: FALSE q931.desegment_h323_messages: TRUE q931.reassembly: TRUE rlc.perform_reassembly: FALSE rlc-lte.reassembly: FALSE rpc.desegment_rpc_over_tcp: TRUE rpcap.desegment_pdus: FALSE rsync.desegment: TRUE rtmpt.desegment: FALSE rtp.desegment_rtp_streams: TRUE rtsp.desegment_headers: FALSE rtsp.desegment_body: FALSE sametime.reassemble: FALSE sasp.desegment_sasp_messages: FALSE sctp.reassembly: TRUE selfm.desegment: FALSE ses.desegment: TRUE sip.desegment_headers: TRUE sip.desegment_body: TRUE skinny.desegment: FALSE smb.trans_reassembly: TRUE smb.dcerpc_reassembly: TRUE smb2.pipe_reassembly: TRUE smb_direct.reassemble_smb_direct: TRUE sml.reassemble: TRUE smp.desegment: TRUE smpp.reassemble_smpp_over_tcp: TRUE smtp.desegment_lines: TRUE smtp.desegment_data: TRUE snmp.desegment: TRUE someip.reassemble_tp: FALSE slsk.desegment: FALSE soupbintcp.desegment: FALSE srvloc.desegment_tcp: TRUE ssh.desegment_buffers: TRUE s5066dts.proto_desegment: FALSE s5066sis.desegment_pdus: FALSE starteam.desegment: FALSE stt.reassemble: FALSE t38.reassembly: FALSE tacplus.desegment: FALSE tali.reassemble: FALSE tcp.desegment_tcp_streams: TRUE tcpros.desegment_tcpros_messages: FALSE tds.desegment_buffers: FALSE tibia.reassemble_tcp_segments: FALSE tipc.desegment: FALSE tls.desegment_ssl_records: TRUE tls.desegment_ssl_application_data: TRUE tns.desegment_tns_messages: FALSE tpkt.desegment: FALSE transum.reassembly: FALSE ucp.desegment_ucp_messages: FALSE ulp.desegment_ulp_messages: FALSE uma.desegment_ucp_messages: FALSE vnc.desegment: FALSE winsrepl.reassemble: FALSE wow.desegment: FALSE x25.reassemble: FALSE x11.desegment: FALSE xmpp.desegment: FALSE xot.desegment: FALSE yami.desegment: FALSE ymsg.desegment: FALSE z3950.desegment_buffers: FALSE