Wireshark-users: Re: [Wireshark-users] Packet Analysis of Wireshark
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 17 Apr 2009 11:01:17 -0700

On Apr 17, 2009, at 12:46 AM, Revathi Rangachari wrote:

> Please find attached the screen shot where I included the data that I
> intend to capture.  This is Oracle 11i instance application running on
> an IP and port no. 8045.
>
> Wireshark displays data when the application is running and
> retrieves data.  But when I enter data in a Form and say Submit,
> Wireshark does not display anything on the screen but the Status Bar
> displays the number of Packets captured and the number keeps
> incrementing.

By "Wireshark does not display anything on the screen" do you mean that Wireshark doesn't show more packets in the topmost pane?

> When I save this, I do see the contents of the data captured.  But
> they are in bytes or hex format (the format) of which I am not very
> sure.  The trace starts at Ethernet layer.
>
> My question is how to get this data to a readable format?

Find out what protocol is being used and:

	if Wireshark has a dissector for it, see whether the "Decode As" menu option can tell Wireshark to dissect that traffic as that protocol;

	if Wireshark doesn't have a dissector for it, write one.

If this is the standard Oracle SQL-over-TNS protocol, try using the "Decode As" menu item (which I mentioned in earlier mail) to decode it as "TNS".
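
An added example for the "find out what protocol is being used" step, not part of the original message and not Wireshark code: it guesses from the first bytes of a TCP payload whether the traffic looks like TNS or HTTP. It assumes the usual 8-byte TNS header (length, packet checksum, type, flags, header checksum) and a reassembled payload; the function names and sample payloads are constructed for illustration.

```python
import struct

# TNS packet type codes, as commonly documented for the TNS header (assumption).
TNS_TYPES = {1: "Connect", 2: "Accept", 3: "Ack", 4: "Refuse", 5: "Redirect",
             6: "Data", 7: "Null", 9: "Abort", 11: "Resend", 12: "Marker",
             13: "Attention", 14: "Control"}

# Plain-text prefixes that mark an HTTP request or response.
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")


def parse_tns_header(payload: bytes):
    """Return (length, type_name) if the first 8 bytes form a plausible
    TNS header, else None."""
    if len(payload) < 8:
        return None
    length, _pkt_cksum, ptype, _flags, _hdr_cksum = struct.unpack(
        ">HHBBH", payload[:8])
    # A known type byte alone is weak evidence (a TLS record can have 0x05
    # at offset 4), so also require the length field to fit the payload.
    if ptype not in TNS_TYPES or length < 8 or length > len(payload):
        return None
    return length, TNS_TYPES[ptype]


def guess_protocol(payload: bytes) -> str:
    """Classify a payload as 'http', 'tns (...)' or 'unknown'."""
    if payload.startswith(HTTP_STARTS):
        return "http"
    hdr = parse_tns_header(payload)
    if hdr:
        return f"tns ({hdr[1]}, {hdr[0]} bytes)"
    return "unknown"


# Constructed samples: only the 8-byte TNS header is modelled, body is zeros.
CONSTRUCTED_TNS = struct.pack(">HHBBH", 18, 0, 6, 0, 0) + bytes(10)
CONSTRUCTED_HTTP = b"POST /forms/submit HTTP/1.1\r\nHost: example\r\n\r\n"
CONSTRUCTED_TLS = b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for name, data in [("tns", CONSTRUCTED_TNS), ("http", CONSTRUCTED_HTTP),
                       ("tls", CONSTRUCTED_TLS)]:
        print(name, "->", guess_protocol(data))
```

A payload copied from Wireshark as a hex stream can be passed in with `bytes.fromhex(...)`; a "tns" result is the case where "Decode As" with TNS is worth trying.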