Wireshark-dev: [Wireshark-dev] Question on text2pcap behaviour

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Thu, 1 May 2008 12:36:16 +0400

Hi All,

I just ran into a small problem while using text2pcap and I wanted to
know (before I attempt to fix it) whether this is a problem at all.

Let's say I have a text file with a single line as so (this is just an
example, not actual payload):
00000000 30 31 32 33 34 35 36 37 38 39 0123456789

According to the comments in text2pcap.c, The text at the end is
ignored. My interpretation of this is that the text at the end may or
may not be present. Perhaps this interpretation is not quite right
because, if I have a like like this (quotes added to clarify the
situation):
"00000000 30 31 32 33 34 35 36 37 38 39"
the last byte is ignored. However, if the line is like this
"00000000 30 31 32 33 34 35 36 37 38 39 "
then it is parsed correctly.

Not having the text part in the end is useful sometimes because
sometimes we get just a hex dump of the TCP payload (but without the
text part in the end).

Thanks!
Abhik.