Wireshark-users: Re: [Wireshark-users] how to grab printable text from entire TCP stream

From: "Jim Young" <sysjhy@xxxxxxxxxxxxxxx>
Date: Sat, 10 Jan 2009 21:51:36 -0500
Hello (again) TC,

>>> "Jim Young" <sysjhy@xxxxxxxxxxxxxxx> 1/10/2009 8:15 PM >>>
> The "text" contained in your TCP stream is obviously 
> encoded in some multi-byte text form.  
>
> Here's a trick I've used on the Windows platform.   Save a 
> "Raw"[1] version of the "Follow TCP Stream" data out to 
> a file.  Then open up a Windows cmd.exe shell.   In the 
> cmd shell use the "type" command to make a "cooked" 
> copy of the original raw stream data: e.g.
>
>   C:\> type follow_tcp_stream.raw >follow_tcp_stream.cooked
> 
> If you're lucky the new "follow_tcp_stream.cooked" file
> will have a simplified version of ASCII characters from the
> original version of the file.

I just realized that I was the lucky one.  :-(

The trick I documented above works if the exported raw 
TCP stream happens to produce a well-formed multi-byte 
text file (e.g. something that the Unix "file" utility would classify 
as "Unicode text, UTF-16, little-endian").

The technique doesn't work for arbitrary multi-byte files 
that the Unix "file" utility simply classifies as "data".

Sorry for the false lead.

Jim Y.
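
Added example, not part of Jim's message and not Wireshark code: for a raw "Follow TCP Stream" export that "file" only classifies as "data", one approach is to pull out printable runs directly, both single-byte ASCII and ASCII-range UTF-16LE, similar in spirit to the Unix "strings" utility. The function name, the 4-character minimum run length and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

MIN_RUN = 4  # assumed minimum run length (same default as strings(1))

# Printable ASCII plus tab; CR/LF deliberately end a run.
_PRINTABLE = rb"[\x20-\x7e\t]"
# Narrow run: consecutive printable bytes.
NARROW = re.compile(rb"(?:%s){%d,}" % (_PRINTABLE, MIN_RUN))
# Wide run: printable byte followed by 0x00 (ASCII-range UTF-16LE).
# The regex may start at any offset, so odd alignment is handled.
WIDE = re.compile(rb"(?:%s\x00){%d,}" % (_PRINTABLE, MIN_RUN))


def printable_runs(raw: bytes):
    """Return [(offset, encoding, text), ...] sorted by offset in the stream."""
    found = []
    for m in WIDE.finditer(raw):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    for m in NARROW.finditer(raw):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    return sorted(found)


# Constructed sample: binary framing with no BOM (so "file" would say "data"),
# one UTF-16LE string, one ASCII string, and a wide run too short to report.
SAMPLE = (
    b"\x01\x02\x93\x00"
    + "USER alice".encode("utf-16le")
    + b"\x00\x9c\x10"
    + b"GET /index.html"
    + b"\r\n\x00\x07"
    + "ok".encode("utf-16le")
)

if __name__ == "__main__":
    # With a path argument, read the saved raw stream; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, encoding, text in printable_runs(data):
        print(f"{offset:#010x}  {encoding:<8}  {text}")
```

Run it with the path of the saved raw stream as its only argument; text outside the ASCII range, or in other multi-byte encodings, is not recovered by this sketch.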