Wireshark can sniff and analyze network traffic and is very useful. But it also has a very large attack surface due to the large number of protocols it supports, and some of those are obviously bound to contain exploitable vulnerabilities. By disabling unnecessary protocols you can reduce that risk. To choose which protocols should be enabled or disabled, click Analyze → Enabled Protocols.
Since there are just too many of them to go through them all, I recommend disabling all of them (click Disable All). Then enable those you need. For typical “internet use” I recommend at least these:
- IPv4, IPv6
- ICMP, ICMPv6
You also need to enable the application level protocols you need, e.g. HTTP, SSH, OCSP, etc. And note that many protocols are encapsulated inside another protocol, e.g. OCSP queries are sent inside HTTP requests. In such cases you need to enable the encapsulating protocols as well.
Reminder - Don’t run Wireshark as root!
If you haven’t already, you may want to run these commands (source) to make it possible to capture without running as root:
sudo groupadd --system wireshark sudo chgrp wireshark /usr/bin/dumpcap sudo chmod 754 /usr/bin/dumpcap sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap sudo adduser youraccount wireshark