Wireshark · Wireshark-dev: Re: [Wireshark-dev] Remove duplication for resolved addresses

Wireshark-dev: Re: [Wireshark-dev] Remove duplication for resolved addresses

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>

Date: Thu, 10 Sep 2015 22:33:25 +0200

2015-09-10 22:31 GMT+02:00 Guy Harris <guy@xxxxxxxxxxxx>:

On Sep 10, 2015, at 1:05 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

> Just a random thought (as I'm far from being a script expert). In case only one of the 2 IP address is resolved, would it be harder to parse?
> Src: 192.0.2.1, Dst: localhost (127.0.0.1)

Is it harder to parse that or

<packet>
<section>15</section>
<section>7.646900</section>
<section>192.0.2.1</section>
<section>127.0.0.1</section>
<section>{protocol}</section>
<section>{info}</section>
</packet>

(PSML) or

192.0.2.1,127.0.0.1

(-T fields -E separator=, -e _ws.col.Source -e _ws.col.Destination)?

Perhaps the default packet detail output should be oriented towards being read by humans, with the output of -T psml, -T ldml, and -T fields being what you use if you want it to be read by software?

A very valid argument ! :)

Follow-Ups:
- Re: [Wireshark-dev] Remove duplication for resolved addresses
  - From: Guy Harris

References:
- [Wireshark-dev] Remove duplication for resolved addresses
  - From: João Valverde
- Re: [Wireshark-dev] Remove duplication for resolved addresses
  - From: Pascal Quantin
- Re: [Wireshark-dev] Remove duplication for resolved addresses
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Remove duplication for resolved addresses
Next by Date: Re: [Wireshark-dev] Remove duplication for resolved addresses
Previous by thread: Re: [Wireshark-dev] Remove duplication for resolved addresses
Next by thread: Re: [Wireshark-dev] Remove duplication for resolved addresses
Index(es):
- Date
- Thread