Exported JSON is truncated

asked 2022-10-12 12:34:36 +0000

~ I am monitoring a websocket connection. The websocket sends messages that I have decrypted and I can see them in wireshark. However, when I export the packets with File > Export Packet Dissections > As JSON (Packet range: displayed), the resulting json file contains truncated messages (although I can see the full message on wireshark).

An example is the following:

"data-text-lines": { " [truncated]{\"channel\":\"orderbook\",\"market\":\"AMPL/USDT\",\"type\":\"partial\",\"data\":{\"time\":1665560553.4247336,\"checksum\":3356754253,\"bids\":[[1.0967,1.0],[1.0956,39.0],[1.0955,22.0],[1.0933,116.0],[1.0916,26.0],[1.0909,1234.0],[1.0906,36.0],[": "" }

However, if I click on the corresponding packet in Wireshark and look at the Decrypted TLS, right-click on the message and then copy as Printable Text, I get the following complete message

{"channel":"orderbook","market":"AMPL/USD","type":"partial","data":{"time":1665560553.8702948,"checksum":1255188210,"bids":[[1.0996,1.0],[1.0995,39.0],[1.0994,140.0],[1.0962,37.0],[1.0954,905.0],[1.0948,8.0],[1.093,23.0],[1.0929,4.0],[1.091,1517.0],[1.0886,27.0],[1.0871,57.0],[1.0865,35.0],[1.085,2.0],[1.0848,4.0],[1.0843,3753.0],[1.0842,2995.0],[1.0832,54.0],[1.082,8.0],[1.08,10.0],[1.0773,2.0],[1.0767,4.0],[1.0733,688.0],[1.0732,1574.0],[1.0725,4684.0],[1.0703,2.0],[1.07,36.0],[1.0692,8.0],[1.0686,4.0],[1.0673,4617.0],[1.0637,5808.0],[1.0634,2.0],[1.0621,3976.0],[1.0606,3.0],[1.06,13.0],[1.0582,6041.0],[1.0566,2.0],[1.0564,8.0],[1.054,2.0],[1.0525,4.0],[1.0501,82.0],[1.05,13.0],[1.0498,2.0],[1.0474,673.0],[1.0473,7003.0],[1.0444,4.0],[1.0438,7576.0],[1.0435,8.0],[1.043,2.0],[1.0421,5220.0],[1.04,14.0],[1.0398,83.0],[1.0373,7232.0],[1.0363,6.0],[1.0362,5843.0],[1.0355,25.0],[1.0323,1.0],[1.0307,8.0],[1.03,15.0],[1.0296,2.0],[1.0295,84.0],[1.0282,4.0],[1.0272,1.0],[1.023,2.0],[1.0222,1.0],[1.0202,4.0],[1.02,16.0],[1.0194,85.0],[1.0193,673.0],[1.0179,8.0],[1.0171,1.0],[1.0164,2.0],[1.0121,5.0],[1.01,17.0],[1.0098,2.0],[1.007,1.0],[1.0051,8.0],[1.0044,86.0],[1.004,4.0],[1.0033,2.0],[1.002,1.0],[1.0009,25.0],[1.0008,11.0],[1.0,19.0],[0.9994,87.0],[0.9969,1.0],[0.9968,2.0],[0.9959,4.0],[0.9923 ...

(more)
edit retag flag offensive close merge delete

Comments

Export Packet Dissections is dumping the protocol tree - The “Packet Details” Pane
There is a limit of ITEM_LABEL_LENGTH 240 in the tree. If you look at data-text-lines in the Wireshark Packet Details does it display [truncated]?

Have you tried to get data-text-lines to decode as JSON? Those fields might be short enough to export.

There was a similar question with a different solution:
Is there a way to show non truncated data with tshark without recompiling?

Chuckc gravatar imageChuckc ( 2022-10-12 21:19:00 +0000 )edit