Home page logo
/

wireshark logo Wireshark mailing list archives

Wireshark and tshark show different data for the smb.file field for certain files
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Wed, 12 Jun 2013 13:04:28 -0700

Hi folks,

I have a capture file with some weird file names in SMB requests.
Wireshark shows them as this:

\\somewhere\\eng\\Project\\HZX - City of
SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC\\somecmpy.com\\csfile\\eng\\Project\\HZX
- City of SomePlace\\xxxxyyyyzzz

This appears to be correct because I see that same data in the data pane.

However, tshark shows this:

\\somewhere\\eng\\Project\\HZX - City of
SomePlace\\xxxxyyyyzzz\\Planning-study\\Reports\\UNC

Now, there are longer file paths that tshark shows, so it is not
truncating. it seems to object to the component after the UNC string
and stops there.

Has anyone seen this?

Wireshark version 1.8.6. tshark version 1.10.0 (Copyright 1998-2013)

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault