How to export printable text only (or any other packet property) in Wireshark

Petro Semeniuk · Dec 31, 2010

Long story short - I'm capturing SQL statements sent from a vendor tool to an Oracle database by using Wireshark. It already has a decoder for the TNS protocol (which is great) and I can access the text of the SQL by

Right Click->Copy->Bytes(Printable Text Only). 

The problem is that there are tons of packets and doing a right-click on each of them could take ages. I was wondering if there is any way to export 'Printable Text Only' right from Wireshark. Ideally I want to have a text file with the statements.

Any help will be highly appreciated.

Answer

Petro Semeniuk · Jan 14, 2011

Finally found a way to do this. First, use tshark to capture TNS packets:

tshark -R tcp.port==1521 -T fields -e data.data -d tcp.port==1521,tns > input.txt

Then you could use the homebrew Ruby script below to transform the bytes to text:

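# Usage: encode.rb <input file> [all]
file = ARGV[0]
print_all = ARGV[1]

# Each input line holds hex bytes separated by ':' (with ',' between fields).
File.foreach(file) {|line|
  next if line.chomp.empty?
  line.chomp.gsub(",", ":").split(':').each {|byte|
    chr = Integer('0x' + byte).chr
    # Print printable ASCII and newlines only, unless the second argument is 'all'.
    print chr if ((' '..'~').include?(chr) or chr == "\n") or (print_all.downcase == 'all' if print_all)
  }
}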

Examples are:

encode.rb input.txt > output.txt

will export printable text only from input to output

encode.rb input.txt all > output.txt

will export all text from input to output
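
The following is an added example, not part of the original answer: a stricter variant of the same decoding step that returns each run of printable ASCII as its own string (similar to the `strings` utility), so binary TNS framing bytes do not end up glued to the SQL text. The function names, the `MIN_RUN` threshold and the sample lines are hypothetical; accepting contiguous hex without `:` separators is an assumption to tolerate other output formats, and malformed lines are skipped instead of raising.

```ruby
# Added example: decode "tshark -T fields -e data.data" output into printable strings.
MIN_RUN = 4 # assumption: shorter printable runs are treated as binary noise

# Turn one output line into raw bytes. Accepts "53:45:4c", "53454c" and
# comma-separated multiples of either; returns nil for blank or malformed input.
def decode_hex_line(line)
  hex = line.strip.delete(':,')
  return nil if hex.empty? || hex.length.odd? || hex !~ /\A\h+\z/
  [hex].pack('H*')
end

# Return every run of printable ASCII (space..tilde) at least min_run bytes long.
def printable_runs(bytes, min_run = MIN_RUN)
  bytes.scan(/[\x20-\x7e]{#{min_run},}/n)
end

# Decode each line, skip the ones that do not parse, and collect the runs.
# `lines` can be an Array or File.foreach("input.txt").
def extract_statements(lines, min_run = MIN_RUN)
  lines.flat_map do |line|
    bytes = decode_hex_line(line)
    bytes ? printable_runs(bytes, min_run) : []
  end
end

# Constructed sample input (not captured traffic).
SAMPLE = [
  "00:1a:00:00:06:00:53:45:4c:45:43:54:20:31:20:46:52:4f:4d:20:44:55:41:4c:00:01",
  "",
  "03005550444154452074205345542078203d2031",
  "zz:not:hex",
  "01024142"
]

puts extract_statements(SAMPLE) if __FILE__ == $PROGRAM_NAME
```
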