Wireshark · Wireshark-users: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncating last char

Wireshark-users: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncati

From: Guy other <guy.other@xxxxxxxxx>

Date: Sun, 5 Dec 2010 12:23:57 +0200

Hi,
When using TShark It sometimes truncates the last char from the path and file name.
This is the command I used:
tshark.exe -r small.pcap -T fields -e smb.cmd -e smb.path -e smb.file
When running this the path field shows up incorrectly as:
"0x75    \\\\NETSTORE4\\ORACLIEN    "

When I run it without fields i.e. using:
tshark.exe -r small.pcap
The path shows correctly:
" 8   0.000550 172.31.4.12 -> 147.234.244.48 SMB Tree Connect AndX Request, Path: \\NETSTORE4\ORACLIENT"

The same thing happens with the file name.
I'm attaching the relevant capture file and the outputs for versions 1.4.2 and 1.2.13 with and without fields.

The issue occurs in the latest version 1.4.2. I'm running the x64 bit version on a Windows machine.
This issue does not happen in the previous stable release: Version 1.2.13 (SVN Rev 34960).
Attached are the pcap file and the output of running the above commands in versions 1.4.2 and 1.2.13.
Thanks,
Guy Shtub

Attachment: testpcap.zip
Description: Zip archive

Follow-Ups:
- Re: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncating last char
  - From: Stephen Fisher
- Re: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncating last char
  - From: Kevin C

Prev by Date: Re: [Wireshark-users] List of Websites visited from pcap
Next by Date: Re: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncating last char
Previous by thread: Re: [Wireshark-users] List of Websites visited from pcap
Next by thread: Re: [Wireshark-users] issue with TShark "-T fields -e smb.path -e smb.file" truncating last char
Index(es):
- Date
- Thread