If wireshark is 1.8 and tshark is 1.10 then all bets are off. I don't
have anything exhibiting this, but my bet is that Wireshark 1.10 has
the same problematic behaviour.
Evan
On Wed, Jun 12, 2013 at 4:04 PM, Richard Sharpe
<realrichardsharpe@xxxxxxxxx> wrote:
> Hi folks,
>
> I have a capture file with some weird file names in SMB requests.
> Wireshark shows them as this:
>
> \\somewhere\\eng\\Project\\HZX - City of
> SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC\\somecmpy.com\\csfile\\eng\\Project\\HZX
> - City of SomePlace\\xxxxyyyyzzz
>
> This appears to be correct because I see that same data in the data pane.
>
> However, tshark shows this:
>
> \\somewhere\\eng\\Project\\HZX - City of
> SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC
>
> Now, there are longer file paths that tshark shows, so it is not
> truncating. it seems to object to the component after the UNC string
> and stops there.
>
> Has anyone seen this?
>
> Wireshark version 1.8.6. tshark version 1.10.0 (Copyright 1998-2013)
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
