These methods change context only for the current session1. The file is not changed and others will need to readd the context with all files and commands that you used to see what you see.
If you want to disable the parsing of a protocol for protocols that are not relevant, you can use --disable-protocol <protocol>
.
If you want to make this permanent on your system, add the protocols, one per line to disabled_protos
in your Wireshark Config directory. If the protocol would have been parsed frequently in the capture, you will see a proportional speedup.
1 -H
is the one exception and only adds information for pcapng files.
With color one obtains an energy that seems to stem from witchcraft. — Henri Matisse
Resolve to Analyze
Tshark Decryption for Kerberos, TLS, and 802.11