Wireshark-users: Re: [Wireshark-users] Analysing MSN traffic

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 8 Jan 2007 21:59:06 -0800
On Mon, Jan 08, 2007 at 07:29:22PM -0000, Antonio Cassidy wrote:

> By removing the first 105 and last 104 chars we're left with the 
> content of the text file.  I have tried this with other text files and 
> it's the same number of characters both at the start and at the end.

These are probably other fields from the protocol.  Are you able to send 
us a sample capture with a file transfer in it to help you look at it?

> This is the same as when an image is transferred: if I remove the first 
> 105 and last 104 I'm left with the same number of characters as when I 
> open the image in notepad; however, the characters are not exactly the 
> same in the capture as the original file, i.e.:
> Original File: %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz??
> Capture File: .....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.
> It looks like the non-standard characters in the image file are being 
> replaced by '.'s in the capture file.

Yes, "non-printable" characters are replaced with periods when displayed 
in Wireshark.  
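
Added example, not part of the original message: a short Python sketch of why text copied from an ASCII view cannot rebuild a binary file, while the raw bytes can. It assumes "printable" means bytes 0x20 to 0x7E, treats the 105/104 character counts from the thread as byte lengths, and uses constructed sample bytes with placeholder framing.

```python
HEADER_LEN = 105   # leading characters reported in the thread (assumed to be bytes)
TRAILER_LEN = 104  # trailing characters reported in the thread (assumed to be bytes)


def is_printable(b: int) -> bool:
    # Assumption: printable means the ASCII range 0x20..0x7E.
    return 0x20 <= b <= 0x7E


def ascii_view(data: bytes) -> str:
    """Render bytes as an ASCII dump does: non-printable bytes become '.'."""
    return "".join(chr(b) if is_printable(b) else "." for b in data)


def strip_framing(message: bytes) -> bytes:
    """Remove the fixed-length leading and trailing fields from the raw bytes."""
    if len(message) < HEADER_LEN + TRAILER_LEN:
        raise ValueError("message is shorter than the expected framing")
    return message[HEADER_LEN:len(message) - TRAILER_LEN]


def lossy_positions(data: bytes) -> list:
    """Offsets whose original value is lost once the data is shown as text."""
    return [i for i, b in enumerate(data) if not is_printable(b)]


# Constructed sample: image-like bytes wrapped in placeholder framing.
PAYLOAD = b"\xff\xd8\xff\xe0\x00%&'()*456789:CDEFGHIJ\xff\xd9"
MESSAGE = b"H" * HEADER_LEN + PAYLOAD + b"T" * TRAILER_LEN


def demo():
    recovered = strip_framing(MESSAGE)   # work on raw bytes, not display text
    return recovered, ascii_view(recovered)


if __name__ == "__main__":
    recovered, shown = demo()
    print("ASCII view      :", shown)
    print("raw bytes match :", recovered == PAYLOAD)
    print("text view match :", shown.encode("ascii") == PAYLOAD)
    print("bytes lost at   :", lossy_positions(recovered))
```

Because different byte values all render as the same period, the display text is not reversible; file content has to be saved from the raw bytes of the capture.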
