OSQA is unmaintained. Help us figure out where to go from here.

How can I capture Oracle SQLPlus traffic? I am running Wireshark with no capture filters and then starting SQLPlus and attempting to connect to a remote Oracle database (the connection doesn't succeed). I cannot see any packets relating to the SQL*Plus traffic in the capture.

Can someone talk me through exactly what's needed to capture traffic from SQLPlus connecting to a remote Oracle database?

Many thanks in advance.

asked 19 Apr, 04:42

Corin's gravatar image

Corin
6114
accept rate: 100%

edited 19 Apr, 04:44

Some questions to sort things out:

  • Are you running Wireshark on the client where your SQLPlus client is also running?
  • Are you able to see any traffic (DNS, ARP...) in Wireshark?
  • Have you configured an IP address or a server name in your SQLPlus client resp. tnsnames.ora file?
  • When you've configured a server name: do you see name lookups (e.g. DNS requests or WINS) for this name in Wireshark?
  • SQLPlus normally connects to 1521/TCP: Is there any packet with this port? (display filter tcp.port==1521)
(20 Apr, 08:48) Uli
  • Yes, running Wireshark on client machine where SQLPlus running
  • Yes, I can see ARP, DNS traffic, if I telnet to the address of my Oracle server I can see TCP traffic to that address
  • The IP address is configured in the tnsnames.ora. The service name is configured in the tnsnames.ora file.
  • I don't know the name of the Oracle database server, I only know its IP address. I know the Oracle service name, is that what you mean?
  • No, there is no packet with this port, the display filter tcp.port==1521 displays nothing
(24 Apr, 07:05) Corin

I've identified the problem, thank you for your help. I will post an answer below.

(24 Apr, 07:18) Corin

The problem turned out to be a badly formatted tnsnames.ora file. The entries were originally formatted like this:

{sid} =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = xxx.xxx.x.xx)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = {servicename})
)
)

The Oracle client tools reported this as ilegally formatted. I add spaces between the elements like so:

{SID} =
 (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = xxx.xxx.x.xx)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = {service_name})
 )
)

Now I can see tcp.port==1521 traffic.

permanent link

answered 24 Apr, 07:24

Corin's gravatar image

Corin
6114
accept rate: 100%

edited 24 Apr, 07:27

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×5

question asked: 19 Apr, 04:42

question was seen: 473 times

last updated: 24 Apr, 07:27

p​o​w​e​r​e​d by O​S​Q​A