It would be nice to know why you are seeing 'malformed packet' in 3.2.
Here is why I went to 2.6 (I know it is approaching EOL).
Using tshark 1.8, all data to/from an Oracle 19c database appeared as 'malformed'. Note: Oracle 19c is really Oracle 12.2 under the covers.
After a little research, it seemed that the problem was that Wireshark 1.x did not know about the changes to 12c TNS.
Using 1.8 to examine a connection to an Oracle 11g database, everything was fine.
As I could not locate a suitable binary version for Oracle Linux 7.5, I built Wireshark 2.6 from scratch.
After doing so, traffic for a 19c database appears normally, that is, as TNS traffic.
Next I took a look at the TNS definitions for Wireshark:
```
[root@ora75 dissectors]# grep -h '#define' /root/build/wireshark-1.12.13/epan/dissectors/packet-tns.?
#define TCP_PORT_TNS 1521
#define PACKET_TNS_H
#define TNS_TYPE_CONNECT 1
#define TNS_TYPE_ACCEPT 2
#define TNS_TYPE_ACK 3
#define TNS_TYPE_REFUSE 4
#define TNS_TYPE_REDIRECT 5
#define TNS_TYPE_DATA 6
#define TNS_TYPE_NULL 7
#define TNS_TYPE_ABORT 9
#define TNS_TYPE_RESEND 11
#define TNS_TYPE_MARKER 12
#define TNS_TYPE_ATTENTION 13
#define TNS_TYPE_CONTROL 14
#define TNS_TYPE_MAX 19
[root@ora75 dissectors]# grep '#define' /root/build/wireshark-2.6.14rc0/epan/dissectors/packet-tns.c
#define TNS_TYPE_CONNECT 1
#define TNS_TYPE_ACCEPT 2
#define TNS_TYPE_ACK 3
#define TNS_TYPE_REFUSE 4
#define TNS_TYPE_REDIRECT 5
#define TNS_TYPE_DATA 6
#define TNS_TYPE_NULL 7
#define TNS_TYPE_ABORT 9
#define TNS_TYPE_RESEND 11
#define TNS_TYPE_MARKER 12
#define TNS_TYPE_ATTENTION 13
#define TNS_TYPE_CONTROL 14
#define TNS_TYPE_MAX 19
#define SQLNET_SET_PROTOCOL 1
#define SQLNET_SET_DATATYPES 2
#define SQLNET_USER_OCI_FUNC 3
#define SQLNET_RETURN_STATUS 4
#define SQLNET_ACCESS_USR_ADDR 5
#define SQLNET_ROW_TRANSF_HDR 6
#define SQLNET_ROW_TRANSF_DATA 7
#define SQLNET_RETURN_OPI_PARAM 8
#define SQLNET_FUNCCOMPLETE 9
#define SQLNET_NERROR_RET_DEF 10
#define SQLNET_IOVEC_4FAST_UPI 11
#define SQLNET_LONG_4FAST_UPI 12
#define SQLNET_INVOKE_USER_CB 13
#define SQLNET_LOB_FILE_DF 14
#define SQLNET_WARNING 15
#define SQLNET_DESCRIBE_INFO 16
#define SQLNET_PIGGYBACK_FUNC 17
#define SQLNET_SIG_4UCS 18
#define SQLNET_FLUSH_BIND_DATA 19
#define SQLNET_SNS 0xdeadbeef
#define SQLNET_XTRN_PROCSERV_R1 32
#define SQLNET_XTRN_PROCSERV_R2 68
#define OPI_VERSION2 1
#define OPI_OSESSKEY 2
#define OPI_OAUTH 3
#define TCP_PORT_TNS 1521 /* Not IANA registered */
```
So, quite a bit was changed.
It does seem curious that 3.2 is showing 'malformed' packets.
Just now I checked the TNS '#defines' for 3.2; they are identical to 2.6.
A code regression perhaps?