This is probably binary data that your display font has no characters for. HTTP does not necessarily transport text, it could be images or any other form of raw binary the client requested. Hard to say without seeing the rest of the TCP package.

In utils_http.c you have the following function:

static int handle_tcp(const struct tcphdr *tcp, int len)
{
  char buf[PCAP_SNAPLEN];
  memcpy(buf, tcp + 1, len - sizeof(*tcp));
  DEBUG("DANY TCPDs tcp string: %s",buf);
  if (0 == handle_http(buf, len - sizeof(*tcp)))
    return 0;
  return 1;
}

This is making the assumption that the TCP payload always starts 20 bytes after the beginning of the TCP header (always 20 because sizeof(*tcp) == 20). This doesn't take into account any TCP options. If you receive a packet with TCP options (which are very common), handle_http() will have the binary-encoded TCP options at the beginning of its buffer which might be what you're seeing.

Try something like this instead:

static int handle_tcp(const struct tcphdr *tcp, int len)
{
  char buf[PCAP_SNAPLEN];
  memcpy(buf, (void*)tcp + tcp->doff*4, len - tcp->doff*4);
  DEBUG("DANY TCPDs tcp string: %s",buf);
  if (0 == handle_http(buf, len - tcp->doff*4))
    return 0;
  return 1;
}

Or better yet, I have no idea why you're constantly making dozens of copies of your buffer every chance you get. You can just pass pointers around unless I'm missing something:

static int handle_tcp(const struct tcphdr *tcp, int len) {
  return handle_http((void*)tcp + tcp->doff*4, len - tcp->doff*4);
}

The HTTP header Content-Type should tell you the type of payload. The HTTP headers should also say whether compression is used.

Compare what you get with http://web-sniffer.net/ or use something like Wireshark