I am facing an issue when sniffing on the loopback interface while using a JTAG debug probe, which uses a TCP socket. It completely floods the loopback and freezes Wireshark after a few seconds.
As a workaround, I have made a dummy Lua dissector for this case (redlink-server protocol). Wireshark is no longer freezing, but it produces like 8Gb of packets in a few minutes... (the plugin consists of an empty dissector function, and registers this dissector for TCP port 3490)
Is there a simple way to delete those packets from the dump file so as not to overflow my RAM?
Thanks in advance
Thomas.
You can apply a capture filter, not a display filter, to avoid capturing the traffic. In your case, the capture filter to exclude the unwanted traffic would be: not tcp port 3490
Refer to pcap-filter for more information on capture filters, as well as the Wireshark User Guide, Section 4.10. Filtering while capturing.
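For a capture that is already on disk, the same exclusion can be applied after the fact. The following is an added example, not part of the original posts: it streams a capture record by record and drops TCP port 3490, so the file never has to fit in RAM. It assumes a classic pcap file (not pcapng), IPv4, and a loopback (DLT_NULL) or Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import struct

# pcap magic (microsecond and nanosecond variants) -> struct byte-order prefix
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def is_tcp_port(frame, linktype, port):
    """True if frame is an unfragmented-or-first IPv4 TCP segment to or from `port`."""
    if linktype == 0:                                    # DLT_NULL: 4-byte AF header
        ip = frame[4:]
    elif linktype == 1 and frame[12:14] == b"\x08\x00":  # Ethernet carrying IPv4
        ip = frame[14:]
    else:
        return False
    # Need IPv4, protocol 6 (TCP) and fragment offset 0 (later fragments lack ports)
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6 or ip[6] & 0x1F or ip[7]:
        return False
    ihl = (ip[0] & 0x0F) * 4
    return len(ip) >= ihl + 4 and port in struct.unpack("!HH", ip[ihl:ihl + 4])

def drop_tcp_port(src, dst, port=3490):
    """Copy pcap records from src to dst, skipping TCP `port`; return (kept, dropped)."""
    head = src.read(24)
    end = MAGIC.get(head[:4])
    if end is None or len(head) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(end + "I", head[20:24])[0] & 0xFFFF
    dst.write(head)
    kept = dropped = 0
    while len(rec := src.read(16)) == 16:                # per-record header
        incl_len = struct.unpack(end + "I", rec[8:12])[0]
        frame = src.read(incl_len)
        if len(frame) < incl_len:                        # truncated final record
            break
        if is_tcp_port(frame, linktype, port):
            dropped += 1
        else:
            dst.write(rec + frame)
            kept += 1
    return kept, dropped

def sample_pcap(ports=((50000, 3490), (50001, 8080))):
    """Constructed input: DLT_NULL pcap holding one TCP SYN per (sport, dport) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 0)
    for sport, dport in ports:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 6, 0, 0x7F000001, 0x7F000001)
        frame = struct.pack("<I", 2) + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

To run it on real files, open the input and output in binary mode (`"rb"` and `"wb"`) and pass the two file objects to `drop_tcp_port`.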