Wireshark-users: Re: [Wireshark-users] Database Protocol support
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Thu, 28 Aug 2008 18:43:04 +0200
On Wed, Aug 27, 2008 at 03:42:32PM -0700, Guy Harris wrote:
> > I had a question regarding the DB protocols supported by tshark. I  
> > saw mysql support but is there also support for other protocols for  
> > queries to Oracle or DB2?
> 
> I have the impression that Oracle uses a protocol that Wireshark calls  
> "TNS" (Transparent Network Substrate); that protocol is dissected by  
> Wireshark/TShark.
> 
> Wireshark/TShark also dissect a protocol called DRDA (Distributed  
> Relational Database Architecture); a comment in the DRDA dissector says:
> 
> *  DRDA in a nutshell
> *
> *   DRDA stands for Distributed Relational Database Architecture.
> *   It is a protocol between database client and database server  
> published by
> *   the Open Group (www.opengroup.org) DDM (Distributed Data  
> Management) is an
> *   data management interface which allows to exchange structured data  
> between
> *   systems.  DRDA is specific to relational databases and uses a  
> subset of DDM
> *   to transport its data.  The IBM DB2 product uses the DRDA protocol  
> from
> *   version V8.  Unless negotiated differently during the handshake,  
> the fields
> *   of the DDM commands and reply messages are in EBCDIC.
> *
> *   Documentation:
> *       DRDA Version 3 Vol. 3: Distributed Relational Database  
> Architecture,
> *       Open Group.
> *   Reference for Remote DRDA Requesters and Servers, IBM.

We also have the SOURCES for a dissector that probably contains all the
interesting information. The files are epan/dissectors/packet-sqloracle.[hc]

The sources don't build with current Wireshark but if someone wants to use
the knowledge to create an Oracle dissector, it's there.

The file starts with the following comment:

/* packet-sqloracle.c
 * Routines for SQL ORcle packet dissection
 *
 * The initial Wireshark version of this file was imported from the
 * ClearSight source code package.
 * No author/copyright given in the original file.

 Ciao
      Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.