How to export only printable text (or any other packet property) in Wireshark

In short, I am pulling SQL queries from a provider tool into an Oracle database using Wireshark. It already has a decoder for the TNS protocol (which is great), and I can access the SQL text using

Right Click->Copy->Bytes(Printable Text Only). 

The problem is that there are tons of packets, and right-clicking on each of them can take ages. I was wondering if there is a way to export only “Printed Text” directly from Wireshark. Ideally, I want to have a text file with instructions.

Any help would be greatly appreciated.

+3
3 answers

, TNS. - , tshark, , HTTP-.

tshark -T fields -e http.request.uri

, TNS, .

+2

- , . tshark tns:

tshark -R tcp.port==1521 -T fields -e data.data -d tcp.port==1521,tns > input.txt

brew Ruby script :

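# Usage: encode.rb input.txt [all]
file = ARGV[0]       # tshark field output, one packet per line
print_all = ARGV[1]  # pass "all" to print every byte, printable or not

File.open(file, "r").each {|line|
  # Bytes are hex pairs separated by ':' (',' separates multiple field values)
  line.gsub(",", ":").split(':').each {|byte|
    chr = Integer('0x' + byte).chr
    # Print printable ASCII and newlines only, unless "all" was requested
    print chr if ((' '..'~').include?(chr) or chr == "\n") or (print_all.downcase == 'all' if print_all)
  } if !line.chomp.empty?
}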

:

encode.rb input.txt > output.txt

encode.rb input.txt  all > output.txt

+4

, , , Right Click -> Follow TCP Stream.

Note: unprintable characters are displayed as .s. If there is a bunch of these fragments between all the text you want to extract (as there was for me), switch it to ASCII, save it and open it in your favorite text editor (vim for me), then run a search and replace similar to /\.//g.

+3
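A strings-style variant of the extraction discussed in the answers above, as an added example that is not part of the original answers: it keeps only printable runs of a minimum length, so the bytes between text fragments are dropped rather than replaced, and it accepts both colon-separated and plain hex from `tshark -T fields -e data.data`. The function names, the `MIN_RUN` threshold and the sample hex lines are assumptions constructed for illustration.

```ruby
# Added example: extract printable ASCII runs from tshark hex field output.
MIN_RUN = 4 # assumption: shorter runs are protocol framing, not SQL text

# Constructed sample: colon-separated hex, an empty line (packet without
# data), plain hex, and a malformed line.
SAMPLE = <<~EOS
  00:3a:00:00:06:00:00:00:53:45:4c:45:43:54:20:2a:20:46:52:4f:4d:20:64:75:61:6c:01:00

  001155504441544520742053455420783d3100
  zz:12
EOS

# Decode one field line into raw bytes; returns nil for empty or malformed
# input. Handles "53:45", "5345" and comma-joined multiple field values.
def decode_hex_line(line)
  hex = line.strip.delete(":,")
  return nil if hex.empty? || hex.length.odd? || hex =~ /[^0-9a-fA-F]/
  [hex].pack("H*")
end

# Printable runs (space through tilde) of at least min_run bytes.
def printable_runs(bytes, min_run = MIN_RUN)
  bytes.scan(/[\x20-\x7e]{#{min_run},}/n)
end

# Collect [input_line_number, text] pairs; one input line is one packet.
def extract(lines, min_run = MIN_RUN)
  out = []
  lines.each_with_index do |line, i|
    bytes = decode_hex_line(line)
    next unless bytes
    printable_runs(bytes, min_run).each { |run| out << [i + 1, run] }
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  # Read the file named on the command line, or fall back to the sample.
  lines = ARGV[0] ? File.readlines(ARGV[0]) : SAMPLE.lines
  extract(lines).each { |no, text| puts "#{no}\t#{text}" }
end
```

The number in the first output column is the line of the input file, not the Wireshark frame number.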

Source: https://habr.com/ru/post/1782874/

