Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] What does [truncated] mean and is it possible to 'fix' it?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gavin Donald <gavin@xxxxxxxxxxxx>
Date: Fri, 19 Sep 2008 15:32:12 +0100
Thank you very much for taking the time to reply.
I think that maybe I had not quite explained myself properly earlier. Previously when I could see the plain text strings being send it would look something like this: 

<xml version="1">
<send to="someone">
   <message>Hello</message>
</send>

If I encrypted the data then I think Wireshark had something like:

[SSL] ..... some random characters here due to encryption
The String I am seeing now has no meaning that I can interpret, even if I turn of encryption. This is why I am now confused. I would like to be able see if the data in the packets sent is actually encrypted or not. The packets I am sending should be very small, it is a jabber message and I get the truncated message even if all I send as the message is the single character 'a'. 

Thanks for any assistance anyone can provide.


Jeff Morriss wrote:

Gavin Donald wrote:

Hello,
I am almost completely new to using Wireshark and am hoping that someone can assist as I haven't managed to find out any information about my problem.
I am trying to prove that some jabber instant messenger packets are encrypted when they leave my machine but Wireshark is showing them as follows:
[truncated] \027\003\001\000\327\353\242&i\347\325\v\363\354\263\351\202\350\360\325Nbf\3358\371\031^\017`o\037N|\331\366\206\277\341j\275U~6\002\253\250\036\243\031\t9\236\265xR\220\347\255I7"^z\342:\034R\272\210\257\033\360c\025\E\315[\2 
[ ERROR: Unrecognized text ]
I am sure that in the past I had been able to see the full plain text or 

That "[truncated]" looks like what I put in for:

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2009
Specifically, the complaint in that bug was that very long text strings were being silently truncated. Not truncating the text seemed very intrusive and difficult so I added the "[truncated]" part in order to make it obvious that you weren't seeing all of the text string.
That is to say, I suspect previously you /thought/ you were seeing all of the text but in actuality it was being silently truncated. 
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube