Wireshark-users: [Wireshark-users] tshark doesn't print bytes following a NULL character? (v1.2.6
From: Ryan Lynch <ryan.b.lynch@xxxxxxxxx>
Date: Mon, 30 Aug 2010 09:48:29 -0400
tshark (v1.2.6) doesn't appear to handle byte strings properly that
contain the null (ASCII code zero) character. In most cases, when a
packet field contains a non-printable char (tab, newline, etc.),
tshark will output the ASCII code, as an escaped hex number, instead
of inserting the literal char. When it encounters a null byte, though,
tshark only outputs part of the byte string, from the beginning of the
string up to the last char before the first null byte. If the string
contains any more printable chars following the null byte, they aren't
printed, although the output does seem to be space-padded up to the
correct length.

Is this the intended behavior, or a bug in 1.2.6?

If it's a bug, I assume it's related to some assumptions about
null-terminated strings in C.

Also, can anyone tell me as to whether this has been fixed in a more
recent version of tshark?

Ryan B. Lynch
ryan.b.lynch@xxxxxxxxx