Wireshark-dev: Re: [Wireshark-dev] Transport name resolution

From: Dirk Jagdmann <doj@xxxxxxxxx>
Date: Mon, 16 Sep 2013 15:14:38 -0700
Should we, instead, look the port number up in the "tcp.port" or "udp.port" (or "sctp.port") dissector table and, if it finds a dissector handle, look up the short name of the protocol for that dissector handle and use that?

I think this is more useful, since the dissector short name is typically used as the filter prefix. It is just confusing if slightly different strings are shown, because they come from some other list/database.

Actually, the dissector *filter* name is typically used as the filter prefix - for example, for DNS, there's:

	name - Domain Name Service
	short name - DNS
	filter name - dns

Are you recommending using the filter name instead of the short name?

Yes, I prefer the filter name, because if I want to dig into a problem I'll likely use filters. I think for most dissectors the short name and filter name just differ in capitalization, and my brain typically wouldn't notice any difference, so it may not make any big difference.

Side note: it may be worthwhile to add a recommendation to the check-api program that the short name and filter name should compare equal case-insensitively.

--
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org
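
One way to run the case-insensitive comparison proposed in the side note, as an added example that is not part of the original message or of Wireshark's check-api tooling. It assumes tab-separated input in the layout of `tshark -G protocols`, with name, short name and filter name as the first three columns; the function name is hypothetical and every sample row other than DNS is constructed.

```python
import sys

# Constructed sample. Only the DNS row comes from the message above;
# the other rows are invented to exercise the check.
SAMPLE = (
    "Domain Name Service\tDNS\tdns\n"
    "Example Transfer Protocol\tEXTP\textp\n"
    "Example Legacy Protocol\tEx-Legacy\texlegacy\n"
    "Example Broken Row\tonly-two-fields\n"
)


def check_names(text):
    """Return (mismatches, malformed) for a protocol listing.

    mismatches: (line_no, short_name, filter_name) tuples where the two
                names differ by more than letter case.
    malformed:  line numbers with fewer than three tab-separated fields.
    Assumption: the first three columns are name, short name, filter name;
    any further columns are ignored.
    """
    mismatches, malformed = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # skip blank lines
        fields = line.split("\t")
        if len(fields) < 3:
            malformed.append(line_no)
            continue
        short_name, filter_name = fields[1].strip(), fields[2].strip()
        # casefold() gives a Unicode-aware case-insensitive comparison.
        if short_name.casefold() != filter_name.casefold():
            mismatches.append((line_no, short_name, filter_name))
    return mismatches, malformed


if __name__ == "__main__":
    # Pipe a real listing in on stdin, or run with no input to use SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    mismatches, malformed = check_names(text)
    for line_no, short_name, filter_name in mismatches:
        print(f"line {line_no}: short name {short_name!r} "
              f"!= filter name {filter_name!r}")
    for line_no in malformed:
        print(f"line {line_no}: fewer than three fields")
    sys.exit(1 if mismatches or malformed else 0)
```
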