 | 1 | initial version |
Why does Wireshark producse such a json structure?
Because it has a routine that puts "plain text" items into the protocol tree, with no field name associated with them, and because it has a JSON printer that, for those items, just prints out the text.
Can't it be fixed?
It can, but it would involve a change such as requiring that routine to specify a named field, so it'd show up as something such as
"lldp.chassis": {
"lldp.tlv.type": "1",
"lldp.tlv.len": "7",
"lldp.chassis.subtype": "4",
"lldp.chassis.id.mac": "00:0a:25:3a:6c:ee"
},
"lldp.port": {
"lldp.tlv.type": "2",
"lldp.tlv.len": "7",
"lldp.port.subtype": "3",
"lldp.port.id.mac": "00:0a:25:3a:6c:f1"
}
Please file a bug report on the Wireshark Bugzilla.