Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Remove duplication for resolved addresses

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: João Valverde <joao.valverde@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Sep 2015 21:51:38 +0100


On 09/10/2015 09:05 PM, Pascal Quantin wrote:

Hi,

2015-09-10 13:50 GMT+02:00 Jo�o Valverde
<joao.valverde@xxxxxxxxxxxxxxxxxx
<mailto:joao.valverde@xxxxxxxxxxxxxxxxxx>>:

    Hi list,

    I proposed a change[1] to remove the duplication for resolved
    addresses (not necessarily using that code) in the UI:

       Src: 192.0.2.1, Dst: 192.0.2.2

    Instead of:

       Src: 192.0.2.1 (192.0.2.1), Dst: 192.0.2.2 (192.0.2.2)

    This change (rightfully) raised concerns that it would break
    backward compatibility for scripts parsing this output. Any thoughts
    on this?

    Just thinking out loud but maybe 2.0 would be a good opportunity to
    change this (if indeed it is an improvement)?

    If I understand the issue correctly I personally don't think this
    should be a stable interface anyway but of course I'm willing to be
    corrected on that.

    Next step after this would be doing the same for port resolution...

    Regards,

    Jo�o V.

    [1] https://code.wireshark.org/review/#/c/10203/


Just a random thought (as I'm far from being a script expert). In case
only one of the 2 IP address is resolved, would it be harder to parse?
   Src: 192.0.2.1, Dst: localhost (127.0.0.1)
The "advantage" of current code (whether it is relevant or not is an
exercise left to the reader) is that you will always find the IP address
(or port number) within parenthesis, whatever your preference
configuration. On the other side, it is not really pretty to the eye.
Good point. I would take that format, no problem, but it might be worth having an exception in that case (would need to investigate the code feasibility).
I personally don't use address resolution (which is not relevant at all to the argument).
What I think is relevant is that for long, randomish IPv6 addresses it really starts to get cumbersome for humans to parse. And takes a lot of screen real-estate.
Having said that there may be other factors I'm missing, I don't use any automated output parsing either. 

Regards,

JV



Cheers,
Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube