Re: Transport name resolution

[Dirk Jagdmann <doj () cubic org>]

> > > Should we, instead, look the port number up in the "tcp.port" or "udp.port" (or "sctp.port") dissector table and, if it 
> > > finds a dissector handle, look up the short name of the protocol for that dissector handle and use that?
> >
> > I think this is more useful, since the dissector short name is typically used as the filter prefix. It is just 
> > confusing if slightly different strings are shown, because they come from some other list/database.
>
> Actually, the dissector *filter* name is typically used as the filter prefix - for example, for DNS, there's:
>
>         name - Domain Name Service
>         short name - DNS
>         filter name - dns
>
> Are you recommending using the filter name instead of the short name?

yes, I prefer the filter name, because if I want to dig into a problem I'll 
likely use filters. I think for most dissectors short and filter name just 
differ in capitalization and my brain typically wouldn't notice any difference, 
so it may not make any big difference.

Side note: it may be worthwhile to add a recommendation to the check-api program 
that short name and filter name should case insensitive compare equal.

--
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe