It is possible that for some reason the last char is sometimes changed to the TAB char.
This issue also happens with other letters not just 't'.
It happened with a .dll file which appeared as .dl and .key file which appeared as .ke
Guy
It looks like you have a tan indife rhe quotes.Does it really truncate it or has it converted the t to a tab ( which would be an escaped t in some shells and languages)?
Any other letters missing or just an ending t?
-kc
On Dec 5, 2010, at 4:23 AM, Guy other <guy.other@xxxxxxxxx> wrote:
> Hi,
> When using TShark It sometimes truncates the last char from the path and file name.
> This is the command I used:
> tshark.exe -r small.pcap -T fields -e smb.cmd -e smb.path -e smb.file
> When running this the path field shows up incorrectly as:
> "0x75 \\\\NETSTORE4\\ORACLIEN "
>
> When I run it without fields i.e. using:
> tshark.exe -r small.pcap
> The path shows correctly:
> " 8 0.000550 172.31.4.12 -> 147.234.244.48 SMB Tree Connect AndX Request, Path: \\NETSTORE4\ORACLIENT"
>
> The same thing happens with the file name.
> I'm attaching the relevant capture file and the outputs for versions 1.4.2 and 1.2.13 with and without fields.
>
> The issue occurs in the latest version 1.4.2. I'm running the x64 bit version on a Windows machine.
> This issue does not happen in the previous stable release: Version 1.2.13 (SVN Rev 34960).
> Attached are the pcap file and the output of running the above commands in versions 1.4.2 and 1.2.13.
> Thanks,
> Guy Shtub
> <testpcap.zip>
