Wireshark-users: Re: [Wireshark-users] how to grab printable text from entire TCP stream
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Jan 2009 23:29:45 -0700
On Fri, Jan 09, 2009 at 01:45:42PM -0800, T c wrote:

> it's close, but not quite
> 
> this is the output I get when I do as you suggested 
> 
> ...M......
> .....c........2....S.E.L.E.C.T. .T.D.M._.I.D.,.R.E.V.I.S.I.O.N.,.S.T.A.T.E.,.P.H.A.S.E.,.P.A.R._.R.E.V.I.S.I.O.N.,.A.P.P.R.O.V.A.L._.D.A.T.E.,.E.F.F.E.C.T.I.V.E._.F.R.O.M.,.E.F.F.E.C.T.I.V.E._.U.N.T.I.L.,.U.N.D.E.R._.O.P.E.R.A.T.I.O.N.,.U.S.E.R._.O.B.J.E.C.T._.I.D.,.R.E.V.I.S.I.O.N._.S.T.G.,.F.I.L.E._.T.Y.P.E.,.F.I.L.E._.N.A.M.E.,.D.I.R.E.C.T.O.R.Y.,.C.A.D._.R.E.F._.F.I.L.E._.N.A.M.E.,.C.A.D._.R.E.F._.D.I.R.E.C.T.O.R.Y.,.V.A.U.L.T._.O.B.J.E.C.T._.I.D.,.T.D.M._.S.F._.S.E.R.V.I.C.E.,.T.D.M._.S.F._.S.E.C.U.R.E._.L.V.L.,.T.D.M._.O.R.G._.U.S.E.R._.I.D.,.T.D.M._.A.P.P.R.O.V.E.D._.B.Y.,.T.D.M._.O.R.G._.C.R.E.A.T.E.D.A.T.E.,.T.D.M._.C.A.D._.D.I.R.T.Y.F.L.A.G.,.T.D.M._.S.U.P.P.O.R.T.E.D._.C.L.B.,.T.D.M._.F.I.L.E._.I.D.,.T.D.M._.C.F.O._.F.L.A.G.,.T.D.M._.C.O.M.P.O.N.E.N.T._.N.A.M.E.,.T.D.M._.C.O.M.P.O.N.E.N.T._.M.O.D.E.S.,.T.D.M._.F.I.L.E._.V.E.R.S.I.O.N.,.T.D.M._.I.N.T.E.G.R.A.T.I.O.N._.M.A.N.A.G.E.D.,.T.D.M._.P.A.R.T._.C.H.E.C.K.,.T.D.M._.S.E.C.U.R.E.D._.B.Y.
>  .F.R.O.M. .T.N._.D.O.C.U.M.E.N.T.A.T.I.O.N. . .
> 
> vs something like this (selecting packet, only printable text)
> 
> c2SELECT TDM_ID,REVISION,STATE,CREATION_DATE,PHASE,PAR_REVISION,APPROVAL_DATE,EFFECTIVE_FROM,EFFECTIVE_UNTIL,UNDER_OPERATION,USER_OBJECT_ID,REVISION_STG,USER_ID_MOD,MODIFICATION_DATE,FILE_TYPE,FILE_NAME,DIRECTORY,CAD_REF_FILE_NAME,CAD_REF_DIRECTORY,VAULT_OBJECT_ID,TDM_SF_SERVICE,TDM_SF_SECURE_LVL,TDM_ORG_USER_ID,TDM_APPROVED_BY,TDM_ORG_CREATEDATE,TDM_CAD_DIRTYFLAG,TDM_DOCUMENT_TYPE,TDM_DESCRIPTION,TDM_SUPPORTED_CLB,TDM_FILE_ID,TDM_CFO_FLAG,TDM_COMPONENT_NAME,TDM_COMPONENT_MODES,TDM_FILE_VERSION,TDM_INTEGRATION_MANAGED,TDM_ARCHIVE_TYPE,TDM_ARCHIVE_NAME,TDM_ES_COUNT,TDM_SIGNATURE,TDM_PART_CHECK,TDM_SECURED_BY FROM TN_DOCUMENTATION  WHERE OBJECT_ID=@P1c2@P1 int&I
> 
> I know it doesn't seem like it's a huge difference, but for what I'm 
> doing and the amount of queries I must look at, it's imperative...

Looks like Unicode/UTF-16 from a Windows machine at first glance.  As 
Jim said, it is a multibyte encoding.  Unfortunately, Wireshark doesn't 
support converting that for on-screen display or saving in an 
ASCII/UTF-8 format at this time.  You could open an enhancement bug at 
https://bugs.wireshark.org/ and request that this support be added.


Steve
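
Added example (not part of the original message, and not Wireshark code): one way to recover the query text outside Wireshark is to scan the stream's bytes for printable runs in both single-byte and UTF-16LE form. It assumes the stream has been saved to a file as raw bytes; `printable_runs`, `SQL` and `SAMPLE` are hypothetical names, and the sample bytes are constructed for illustration.

```python
import re

def printable_runs(data: bytes, min_chars: int = 4):
    """Return (offset, encoding, text) for each printable run in data.

    A "wide" run is printable ASCII where every character is followed by
    a 0x00 byte, which is how UTF-16LE encodes ASCII-range text.
    """
    n = str(min_chars).encode()
    pattern = re.compile(
        rb"(?P<wide>(?:[\x20-\x7e]\x00){" + n + rb",})"
        rb"|(?P<narrow>[\x20-\x7e]{" + n + rb",})"
    )
    runs = []
    for m in pattern.finditer(data):
        if m.group("wide") is not None:
            text = m.group("wide").decode("utf-16-le")
            runs.append((m.start(), "utf-16-le", text))
        else:
            text = m.group("narrow").decode("ascii")
            runs.append((m.start(), "ascii", text))
    return runs

# Constructed sample: binary framing bytes, a single-byte string, then a
# shortened version of the query from the thread encoded as UTF-16LE.
SQL = "SELECT TDM_ID,REVISION,STATE FROM TN_DOCUMENTATION  WHERE OBJECT_ID=@P1"
SAMPLE = (
    b"\x03\x01\x00\x4d\x00\x00\x01\x00"   # constructed header bytes
    + b"TESTHOST"                          # constructed single-byte string
    + b"\x00\x01"
    + SQL.encode("utf-16-le")
    + b"\x00\x00\x26\x04"                  # constructed trailing bytes
)

if __name__ == "__main__":
    for offset, encoding, text in printable_runs(SAMPLE):
        print(f"{offset:6d}  {encoding:9s}  {text}")
```

For a real capture, read the saved file with `open(path, "rb").read()` and pass the bytes to `printable_runs`; runs shorter than `min_chars` are dropped to keep binary noise out of the output.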