Wireshark-users: Re: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" trun

From: Kevin C <ckevinj@xxxxxxxxx>
Date: Sun, 5 Dec 2010 13:38:24 -0600
It looks like you have a tab inside the quotes. Does it really truncate it or has it converted the t to a tab (which would be an escaped t in some shells and languages)?
Any other letters missing or just an ending t?

-kc 

On Dec 5, 2010, at 4:23 AM, Guy other <guy.other@xxxxxxxxx> wrote:

> Hi,
> When using TShark, it sometimes truncates the last char from the path and file name.
> This is the command I used:
> tshark.exe -r small.pcap  -T fields -e smb.cmd -e smb.path -e smb.file 
> When running this the path field shows up incorrectly as:
> "0x75    \\\\NETSTORE4\\ORACLIEN    "
> 
> When I run it without fields i.e. using:
> tshark.exe -r small.pcap   
> The path shows correctly:
> "  8   0.000550  172.31.4.12 -> 147.234.244.48 SMB Tree Connect AndX Request, Path: \\NETSTORE4\ORACLIENT"
> 
> The same thing happens with the file name.
> I'm attaching the relevant capture file and the outputs for versions 1.4.2 and 1.2.13 with and without fields. 
> 
> The issue occurs in the latest version 1.4.2. I'm running the x64 bit version on a Windows machine. 
> This issue does not happen in the previous stable release: Version 1.2.13 (SVN Rev 34960).
> Attached are the pcap file and the output of running the above commands in versions 1.4.2 and 1.2.13.
> Thanks,
> Guy Shtub
> <testpcap.zip>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe