On Wed, Jun 12, 2013 at 1:09 PM, Evan Huus <eapache@xxxxxxxxx> wrote:
> If wireshark is 1.8 and tshark is 1.10 then all bets are off. I don't
> have anything exhibiting this, but my bet is that Wireshark 1.10 has
> the same problematic behaviour.
Hmmm, I installed Wireshark 1.10.0 and the problem persists. I guess I
have the code.
> Evan
>
> On Wed, Jun 12, 2013 at 4:04 PM, Richard Sharpe
> <realrichardsharpe@xxxxxxxxx> wrote:
>> Hi folks,
>>
>> I have a capture file with some weird file names in SMB requests.
>> Wireshark shows them as this:
>>
>> \\somewhere\\eng\\Project\\HZX - City of
>> SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC\\somecmpy.com\\csfile\\eng\\Project\\HZX
>> - City of SomePlace\\xxxxyyyyzzz
>>
>> This appears to be correct because I see that same data in the data pane.
>>
>> However, tshark shows this:
>>
>> \\somewhere\\eng\\Project\\HZX - City of
>> SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC
>>
>> Now, there are longer file paths that tshark shows, so it is not
>> truncating. it seems to object to the component after the UNC string
>> and stops there.
>>
>> Has anyone seen this?
>>
>> Wireshark version 1.8.6. tshark version 1.10.0 (Copyright 1998-2013)
>>
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂?唯有杜康。--曹操)
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
