How to search for some particular SQL commands in TNS proprietary protocol with tshark.

Solution Verified - Updated -


There is a need to check if some particular SQL commands can be seen in captured network dump.
But the tshark shows TNS protocol.

Transparent Network Substrate (TNS), a proprietary Oracle computer-networking technology, supports homogeneous peer-to-peer connectivity on top of other networking technologies such as TCP/IP, SDP and named pipes. TNS operates mainly for connection to Oracle databases.

$tshark -r some_file.pcap eq 1
6  04:10:19.804101→yyy.yyy.yyy.yyy TNS 89 38108 1521 Request, Data (6), Piggy back function follow
7  04:10:19.804342→yyy.yyy.yyy.yyy TNS 84 1521 38108 Response, Data (6), Function Complete
9  04:10:19.807417→yyy.yyy.yyy.yyy TNS 254 38108 1521 Request, Data (6), User OCI Functions
10 04:10:19.807763→yyy.yyy.yyy.yyy TNS 253 1521 38108 Response, Data (6), Describe Information

There is a need to search in the capture file for presence of particular SQL commands like SELECT, MERGE, INSERT etc.


  • all rhel version
  • tshark

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In