Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

What you're seeing is called "percent encoding". Whatever program is sending the HTTP POST is using percent encoding, and has, for example, percent-encoded the รค character as its two-octet representation in UTF-8 (hex C3 followed by hex A4, as per @grahamb's comment), with those two octets percent-encoded.

Wireshark doesn't do percent-encoding - it's showing you what was in the packet, without percent-encoding it.

When using a different http post sniffer I can see the scandics.

Perhaps that's not a packet sniffer, so that it doesn't capture, and display, raw network packets, which is what Wireshark does. You refer to it as an "http post sniffer"; perhaps it's a proxy sniffer, and perhaps it undoes the percent-encoding to show you what the percent-encoded text represents. What sniffer is it?