Wireshark mailing list archives

how to capture entire SQL commands from capture, and export as text/csv?


From: Shawn T Carroll <shawnthomascarroll () yahoo com>
Date: Mon, 12 Dec 2011 10:36:11 -0800 (PST)

We have an application transaction that produces about 360 SQL queries and responses (Postgresql in particular).

I wanted to dump a list of the SQL queries issued, along with a timestamp of when the query was issued.

"follow stream" and then a copy/paste shows the human-readable bits from the tcp segment, but does not capture the timestamps, nor does it distinguish commands issued from the client from responses sent by the server.

Right-clicking on the PostgreSQL > Query in the decode pane, and "apply as column", followed by exporting as a CSV was partially successful, but it seems to chop off the query at a couple hundred bytes; see this output:

"No.","Time","Source","Destination","Protocol","Length","Frame length on the wire","Query","Info"
"1","0.000000","10.10.0.206","10.10.0.73","PGSQL","556","556","select pg_attribute.attname, pg_attribute.atttypid::int, 
pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left 
join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q"
"2","0.102997","10.10.0.206","10.10.0.73","PGSQL","462","462","SELECT pg_attribute.attname, pg_attribute.atttypid::int, 
pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT 
indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN  (SELECT oid FROM ",">Q"
"3","0.205383","10.10.0.206","10.10.0.73","PGSQL","568","568","select pg_attribute.attname, pg_attribute.atttypid::int, 
pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left 
join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q"
"4","0.307351","10.10.0.206","10.10.0.73","PGSQL","474","474","SELECT pg_attribute.attname, pg_attribute.atttypid::int, 
pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT 
indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN  (SELECT oid FROM ",">Q"
"5","0.409829","10.10.0.206","10.10.0.73","PGSQL","558","558","select pg_attribute.attname, pg_attribute.atttypid::int, 
pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, pg_attrdef.adsrc from pg_class, pg_attribute left 
join pg_attrdef on (pg_attrdef.adrelid = pg_attribute.attrelid and pg_attrdef.",">Q"
"6","0.512595","10.10.0.206","10.10.0.73","PGSQL","464","464","SELECT pg_attribute.attname, pg_attribute.atttypid::int, 
pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT 
indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN  (SELECT oid FROM ",">Q"
"7","0.614801","10.10.0.206","10.10.0.73","PGSQL","463","463","SELECT pg_attribute.attname, pg_attribute.atttypid::int, 
pg_class.relname FROM pg_attribute, pg_class WHERE pg_table_is_visible(pg_class.oid) AND pg_class.oid IN (SELECT 
indexrelid FROM pg_index WHERE indisprimary = true AND indrelid IN  (SELECT oid FROM ",">Q"
.
.  ~360 more of these

.
<end>


Is there a way to have my cake and eat it too?  Perhaps adjust the upper bound of the number of characters allowed in 
the newly created "Query" column?

Thanks,
Shawn
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
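
An added example, not part of the original post and not Wireshark code: one way to get every full query with its timestamp is to parse the client-to-server PostgreSQL v3 messages directly rather than relying on a display column. It assumes TCP payloads arrive in order and each flow starts on a message boundary after startup; the ports and the sample segments are constructed.

```python
import csv, io, struct

def pg_msg(kind, body):
    """PostgreSQL v3 framing: 1 type byte, int32 length (counts itself), body."""
    return kind + struct.pack("!I", len(body) + 4) + body

def extract_queries(segments, server_port=5432):
    """Return [(time, client, sql)] for every Simple Query ('Q') message.
    segments: ordered (time, src, sport, dport, tcp_payload) tuples. Only
    client->server bytes are parsed, so server responses are never mixed in."""
    flows, out = {}, []
    for t, src, sport, dport, data in segments:
        if dport != server_port or not data:
            continue                      # server response or bare ACK
        st = flows.setdefault((src, sport), {"buf": bytearray(), "t": t})
        if not st["buf"]:
            st["t"] = t                   # a new message starts in this segment
        st["buf"] += data
        while len(st["buf"]) >= 5:
            (length,) = struct.unpack_from("!I", st["buf"], 1)
            if length < 4:                # malformed header: drop buffered bytes
                st["buf"].clear()
                break
            if len(st["buf"]) < 1 + length:
                break                     # query continues in the next segment
            kind = bytes(st["buf"][:1])
            body = bytes(st["buf"][5:1 + length])
            del st["buf"][:1 + length]
            if kind == b"Q":              # query text is NUL-terminated
                sql = body.split(b"\x00", 1)[0].decode("utf-8", "replace")
                out.append((st["t"], src, sql))
            st["t"] = t                   # leftover bytes came from this segment
    return out

def to_csv(rows):
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL)
    w.writerow(["Time", "Client", "Query"])
    w.writerows((f"{t:.6f}", c, q) for t, c, q in rows)
    return buf.getvalue()

# Constructed sample: a 562-character query split over two segments,
# a second query sharing the later segment, and one server reply.
LONG_SQL = "SELECT " + ", ".join(f"col{i}" for i in range(80)) + " FROM t"
_m = pg_msg(b"Q", LONG_SQL.encode() + b"\x00")
SAMPLE = [
    (0.000000, "10.10.0.206", 40000, 5432, _m[:200]),
    (0.000120, "10.10.0.206", 40000, 5432, _m[200:] + pg_msg(b"Q", b"SELECT 1\x00")),
    (0.102997, "10.10.0.73", 5432, 40000, pg_msg(b"Z", b"I")),
]
```

Each query is stamped with the time of the segment in which its message began, and `to_csv(extract_queries(SAMPLE))` returns the untruncated text.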