Hello everybody,
when using tshark with -z "follow,tcp,ascii,<stream number>" option to read a pcap file the output data is incomplete if there's a package missing or broken in the stream. (NOTE: This applies to Wiresharks "follow tcp stream" as well) I spent a lot time trying to figure out why this happens and came up with a blank so far, so I'd appreciate if somebody deeply involved in tshark development could take a look at this, for I badly need this "bug" fixed.
Here some further information:
-the output always stops before the first byte of the malformed/missing package with the lowest identifier
-in my tests the rest of the data could be found with wireshark and was correctly associated with the tcp stream it belonged to
-this "bug" was witnessed on Unix and Windows with the current stable, the current development version and some old stables
Thx for your help
Greetings
Toni
