On 09/16/13 16:49, Guy Harris wrote:
On Sep 16, 2013, at 1:39 PM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
On 09/16/13 16:04, Guy Harris wrote:
On Sep 16, 2013, at 12:44 PM, Anders Broman <a.broman@xxxxxxxxxxxx> wrote:
If we decide to have it default off perhaps we shouldn't default to write
User Datagram Protocol, Src Port: 60000 (60000), Dst Port: 13868 (13868) but rather
User Datagram Protocol, Src Port: 60000 , Dst Port: 13868
Yes, and the same applies for network addresses, if we're not already doing that.
Defaulted to off (i.e., a preference) or off by code?
I was thinking "off by code", i.e. stay away from the Department of Redundancy Department.
If we have a preference (for services or network addresses) I think keeping the same format:
User Datagram Protocol, Src Port: 60000 (60000), Dst Port: 13868 (13868)
is actually a good thing because then tshark output parsers don't have to worry about whether or not the preference is set.
TShark output parsers not made of neurons should probably be parsing "-T {psml,pdml,fields}" output. (TShark output parsers made of neurons generally handle ambiguities and format differences a lot better than TShark output parsers made of code.)
Yes, I that's true.
But I can, without thinking, write up a quick script that pulls the
things I need out of the normal tshark -V output. The times (or
"time"?) I tried to extract data from a *ml format I spent hours trying
to figure out how and where to *start*. Eventually I gave up.
I think others have had the same problem which is why every
tshark-output-reading script I personally know of parses the "-V" output.