Wireshark-users: Re: [Wireshark-users] "Follow {TCP, UDP, SSL} Stream" output of a database conne

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 22 Apr 2008 18:22:52 -0700

Don't send mail to the -request addresses, such as wireshark-users-request; just send it to the real mailing list, such as wireshark-users.

Also, if you're not replying to a message that you received, don't send out mail as a reply, send out the mail directly - and if you *are* replying to a message in a digest, don't just reply to the digest mail.

On Apr 22, 2008, at 4:07 PM, 余洪航 wrote:

Who can tell me what this means?

I think it means that you took the output from "Follow TCP Stream", "Follow UDP Stream", or "Follow SSL Stream" for a connection to a database server and pasted it into a mail message.

The output of "Follow {TCP,UDP,SSL} Stream" is a lot less useful for binary protocols, such as the Oracle TNS protocol, Sybase/Microsoft TDS protocol, etc. used to talk to database servers. You should look at the main Wireshark window to look at database traffic; if Wireshark displays protocols running on top of the TCP/UDP/SSL layer, look at that, otherwise send to wireshark-devel the raw network trace (not the output of "Follow {TCP,UDP,SSL} Stream" or any other text output) so we can figure out why Wireshark isn't showing protocols above {TCP,UDP,SSL}, and also tell us what type of database server is involved.
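
To illustrate the point in the reply about binary protocols such as TDS, here is an added example (not part of the original message and not Wireshark code) that renders one packet both ways: as an ASCII stream view and as dissected fields. The packet is constructed for the example, the function names are hypothetical, and the SQL batch body is assumed to be bare UTF-16LE text, a simplification of the real layout.

```python
import struct

# TDS packet header: type, status, length (big-endian), SPID, packet id, window.
TDS_HEADER = struct.Struct(">BBHHBB")
TDS_SQL_BATCH = 0x01
TDS_STATUS_EOM = 0x01  # end-of-message flag


def follow_stream_ascii(payload: bytes) -> str:
    """Render bytes the way an ASCII stream view does: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in payload)


def build_sql_batch(sql: str) -> bytes:
    """Construct a sample SQL batch packet (assumption: body is bare UTF-16LE text)."""
    body = sql.encode("utf-16-le")
    length = TDS_HEADER.size + len(body)
    return TDS_HEADER.pack(TDS_SQL_BATCH, TDS_STATUS_EOM, length, 0, 1, 0) + body


def dissect_tds(payload: bytes) -> dict:
    """Decode the header fields and, for a SQL batch, the query text."""
    if len(payload) < TDS_HEADER.size:
        raise ValueError("truncated TDS header")
    ptype, status, length, spid, packet_id, _window = TDS_HEADER.unpack_from(payload)
    if length < TDS_HEADER.size or length > len(payload):
        raise ValueError("length field does not match the captured bytes")
    fields = {"type": ptype, "status": status, "length": length,
              "spid": spid, "packet_id": packet_id}
    if ptype == TDS_SQL_BATCH:
        fields["sql"] = payload[TDS_HEADER.size:length].decode("utf-16-le")
    return fields


if __name__ == "__main__":
    pkt = build_sql_batch("select 1")       # constructed sample packet
    print(follow_stream_ascii(pkt))         # header is lost, text is dot-interleaved
    print(dissect_tds(pkt))                 # fields and query recovered
```

The stream view flattens the eight header bytes and every UTF-16 zero byte into dots, which is why the dissected view in the main Wireshark window is the one to read for database traffic.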