Wireshark-users: Re: [Wireshark-users] Oracle

From: "Beno, Tal" <Tal_Beno@xxxxxxx>
Date: Thu, 21 May 2009 16:02:22 -0500

Thanks, Steve,

Which dissector (working on which packet level\layer), though, according to your knowledge, will be able to actually tell me that this traffic belongs to Oracle at all?

Just to clarify, the passive is not the prerequisite here – but the credential-less is. So I would still not let go of Wireshark at this stage, unless this is really futile.

Thanks,

Tal

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Thu, 21 May 2009 14:54:06 -0600


On Thu, May 21, 2009 at 02:51:39PM -0500, Beno, Tal wrote:
 
> I need to run Wireshark\tshark and simply identify which machines are 
> running Oracle and with what versions.
> 
> Which dissectors can help me to accomplish and retrieve that data? Is 
> that part of the current dissector's bundle?
 
Wireshark watches traffic going by in a passive manner.  The dissectors 
*might* be able to identify the version of Oracle (I don't know how well 
we support it if at all).  It sounds like you would be better suited to 
use an active scanning tool such as Nmap.
 
 
Steve

From: Beno, Tal
Sent: Thursday, May 21, 2009 3:52 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: Oracle

Hi all,

Being so new to this technology, I would humbly ask for your answer to this quick question.

I need to run Wireshark\tshark and simply identify which machines are running Oracle and with what versions.

Which dissectors can help me to accomplish and retrieve that data? Is that part of the current dissector’s bundle?

Thanks,

Tal