Re: tshark option for reassembled fragment output

[Hadriel Kaplan <HKaplan () acmepacket com>]

On Mar 3, 2013, at 9:57 AM, Evan Huus <eapache () gmail com> wrote:

> For consistency, I would suggest that both tshark and wireshark take
> only two filter flags:
> -d using wireshark dfilter syntax
> -f using libpcap syntax
>
> Tshark's -d uses only one pass unless -2 is specified. In either case
> it should behave as close as possible to Wireshark's display filter.
> This would mean moving tshark's current -d flag to something else (-R
> would be available, though it wouldn't make a lot of sense).

What would *really* be nice is to make most of this logic be the same physical code and in one place, in file.c, and 
make tshark just handle the viewing aspects being different.  I.e., as an MVC model make both Wireshark and tshark 
share the same Model *and* Controller as much as possible/reasonable.  Of course deciding what's reasonable vs. 
confusing is always the hard part. :)

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe