Wireshark mailing list archives
how to capture entire SQL commands from capture, and export as text/csv?
From: Shawn T Carroll <shawnthomascarroll () yahoo com>
Date: Mon, 12 Dec 2011 10:36:11 -0800 (PST)
We have an application transaction that produces about 360 SQL queries and responses (Postgresql in particular). I wanted to dump a list of the SQL queries issued, along with a timestamp of when the query was issued. "follow stream" and then a copy/paste shows the human-readable bits from the tcp segment, but does not capture the timestamps, nor does it distinguish commands issued from teh client from responses sent by the server. Right-clicking on the PostgreSQL > Query in the decode pane, and "apply as column", followed by exporting as a CSV was partially successful, but it seems to chop off the query at a couple hundred bytes, see this output: "No.","Time","Source","Destination","Protocol","Length","Frame length on the wire","Query","Info" "1","0.000000","10.10.0.206","10.10.0.73","PGSQL","556","556","select pg_attribute.attname, pg_attribute.atttypid::int, pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q" "2","0.102997","10.10.0.206","10.10.0.73","PGSQL","462","462","SELECT pg_attribute.attname, pg_attribute.atttypid::int, pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN (SELECT oid FROM ",">Q" "3","0.205383","10.10.0.206","10.10.0.73","PGSQL","568","568","select pg_attribute.attname, pg_attribute.atttypid::int, pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q" "4","0.307351","10.10.0.206","10.10.0.73","PGSQL","474","474","SELECT pg_attribute.attname, pg_attribute.atttypid::int, pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN (SELECT oid FROM ",">Q" "5","0.409829","10.10.0.206","10.10.0.73","PGSQL","558","558","select pg_attribute.attname, pg_attribute.atttypid::int, pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q" "6","0.512595","10.10.0.206","10.10.0.73","PGSQL","464","464","SELECT pg_attribute.attname, pg_attribute.atttypid::int, pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN (SELECT oid FROM ",">Q" "7","0.614801","10.10.0.206","10.10.0.73","PGSQL","463","463","SELECT pg_attribute.attname, pg_attribute.atttypid::int, pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN (SELECT oid FROM ",">Q" . . ~360 more of these . <end> Is there a way to have my cake and eat it too? Perhaps adjust the upper bound of the number of characters allowed in the newly created "Query" column? Thanks, Shawn
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- how to capture entire SQL commands from capture, and export as text/csv? Shawn T Carroll (Dec 12)
- Re: [Wireshark-users] how to capture entire SQL commands from capture, and export as text/csv? Chris Maynard (Dec 12)
- Re: how to capture entire SQL commands from capture, and export as text/csv? Shawn T Carroll (Dec 12)
- Re: [Wireshark-users] how to capture entire SQL commands from capture, and export as text/csv? Chris Maynard (Dec 12)
- Re: how to capture entire SQL commands from capture, and export as text/csv? Shawn T Carroll (Dec 12)
- Re: how to capture entire SQL commands from capture, and export as text/csv? mohamed yassin (Dec 19)
- Re: how to capture entire SQL commands from capture, and export as text/csv? Shawn T Carroll (Dec 12)
- Re: [Wireshark-users] how to capture entire SQL commands from capture, and export as text/csv? Chris Maynard (Dec 12)