| Bug ID |
8348
|
| Summary |
Incomplete dump of smb.file_data
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.8.2
|
| Hardware |
x86
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
TShark
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Vanilla Debian tshark package
--
I'm working with smb protocol invoking tshark with this cmdline:
tshark -r pcapfile -T fields -e smb.file -e smb.fid -e
smb.file.rw.length -e smb.file.rw.offset -e smb.file_data -R smb.file_data
And here's the problem. smb.file_data is incomplete, it seems to top up
as a string of 65535 bytes (with colons) which is 21845 B of real data.
If a SMB packet is bigger than that it gets truncated.
Eg:
smb.file.rw.offset 0
smb.file.rw.length 61440
smb.file_data
00:00:00:14:66:74:(snip)
01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:00:00:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:00:00:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:00:00:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:00:00:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:0b:bb:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:01:00:00:00:00:00:00:00:01:00:00:03:e9:00:00:00:01:00:00:13:8d:00:00:00:01:00:00:07:d2:00:00:00:
As you can see the line ends with a colon, like if truncated.
Thanks.
You are receiving this mail because:
- You are watching all bug changes.
