Hi all. Long time since I've posted, but I'm a daily user of Wireshark - can't live without it :-) (I haven't posted in many moons because I haven't needed to. Wireshark consistently delivers.)
Recently, I needed to diagnose some slow DB query activity. I was told that the protocol in use is JDBC. I captured the traffic and loaded it up in Wireshark, hoping/expecting that I could simply do a "Decode As", specify JDBC, and see the innards of the request-response pairs.
No such luck. It seems that there is no JDBC dissector. I then tried decoding as TDS, but that didn't help - just a bunch of "malformed" notices.
I'm not much of a DB guy, so I'm stuck... Is there hope for me? Is there a dissector I SHOULD be using? Do I need to get more information from my DB team on exactly what protocol/variant/DB version is being used?
Thx for any help!!
feenyman99
asked 25 Jul '16, 09:31 feenyman99
One Answer:
What database (Oracle, etc.) is being used?
JDBC is just a standard Java API used to access a DB. A client-side library translates the query to the appropriate on-the-wire protocol required to access a particular type of DB.
If the database is Oracle, Wireshark does not have a dissector for same.
Having said the above, if the DB is Oracle, it's possible you may be able to decode well enough for your purposes.
answered 25 Jul '16, 13:04 Bill Meier ♦♦ edited 25 Jul '16, 13:18
Yes, the database is Oracle.
And, yes, the truth is, the payload is pretty easy to interpret, even for a non-DB joe like me.
But, I guess Wireshark has spoiled me. I would have expected that I could filter on different JDBC request types, or filter on just JDBC requests, or on just JDBC responses, like I can with something like AJP13.
It's no biggie. I just figured I was missing something obvious when I could not see JDBC-specific decodes.
Thanx Bill, for the explanation.
feenyman99
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.