How to search for some particular SQL commands in TNS proprietary protocol with tshark.

Solution Verified - Updated -


There is a need to check if some particular SQL commands can be seen in captured network dump.
But the tshark shows TNS protocol.

Transparent Network Substrate (TNS), a proprietary Oracle computer-networking technology, supports homogeneous peer-to-peer connectivity on top of other networking technologies such as TCP/IP, SDP and named pipes. TNS operates mainly for connection to Oracle databases.

$tshark -r some_file.pcap eq 1
6  04:10:19.804101→yyy.yyy.yyy.yyy TNS 89 38108 1521 Request, Data (6), Piggy back function follow
7  04:10:19.804342→yyy.yyy.yyy.yyy TNS 84 1521 38108 Response, Data (6), Function Complete
9  04:10:19.807417→yyy.yyy.yyy.yyy TNS 254 38108 1521 Request, Data (6), User OCI Functions
10 04:10:19.807763→yyy.yyy.yyy.yyy TNS 253 1521 38108 Response, Data (6), Describe Information

There is a need to search in the capture file for presence of particular SQL commands like SELECT, MERGE, INSERT etc.


  • all rhel version
  • tshark

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content