How to search for some particular SQL commands in TNS proprietary protocol with tshark.

Solution Verified - Updated -

Issue

There is a need to check if some particular SQL commands can be seen in captured network dump.
But the tshark shows TNS protocol.

Transparent Network Substrate (TNS), a proprietary Oracle computer-networking technology, supports homogeneous peer-to-peer connectivity on top of other networking technologies such as TCP/IP, SDP and named pipes. TNS operates mainly for connection to Oracle databases.

$tshark -r some_file.pcap tcp.stream eq 1
...
6  04:10:19.804101 xxx.xxx.xxx.xxx→yyy.yyy.yyy.yyy TNS 89 38108 1521 Request, Data (6), Piggy back function follow
7  04:10:19.804342 xxx.xxx.xxx.xxx→yyy.yyy.yyy.yyy TNS 84 1521 38108 Response, Data (6), Function Complete
...
9  04:10:19.807417 xxx.xxx.xxx.xxx→yyy.yyy.yyy.yyy TNS 254 38108 1521 Request, Data (6), User OCI Functions
10 04:10:19.807763 xxx.xxx.xxx.xxx→yyy.yyy.yyy.yyy TNS 253 1521 38108 Response, Data (6), Describe Information
...

There is a need to search in the capture file for presence of particular SQL commands like SELECT, MERGE, INSERT etc.

Environment

  • all rhel version
  • tshark

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content