Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Shard Output Format

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 13 Sep 2019 08:15:33 -0700
On Sep 13, 2019, at 7:56 AM, Oliver-Tobias Ripka <otr@xxxxxxxxxx> wrote:

> I guess so. For my use case I need to have the 1s and 0s (and in general
> the format that will also work as a right hand display filter value)
> like in tshark formats it rather than the human readable form.

There is no single output format for a field that will satisfy all needs.

The format used in the display of the protocol tree to the user, as seen in TShark -V output and in the Wireshark packet details pane, is one; the format used for TShark -T fields output is another.

If one intended use of sharkd is to have it generate output from which a human-readable format of the protocol tree can be constructed *without* the program communicating with sharkd having its own copy of, for example, strings for Boolean fields, then your change would, at minimum, break that.

However, as another use of sharkd is your use, having it unconditionally generate output to use to generate a human-readable display of fields is *also* insufficient.

So sharkd would need a flag to indicate what format output to generate.