

sqlplus 로 oracle 접속시 tcpdump 패킷 분석

sqlplus 로 oracle 접속시 tcpdump 패킷 분석입니다. 아래 캡처는 -X -s0 옵션으로 패킷 전체 페이로드를 덤프한 것이라, TNS CONNECT 패킷에 들어 있는 접속 문자열(서비스명, 클라이언트 호스트명, 클라이언트 OS 사용자명 USER=root)이 그대로 화면에 찍힙니다. 운영 환경에서 -w 로 캡처 파일을 남길 때는 파일 접근 권한을 제한해야 합니다.

[root@]# tcpdump -ibr0 host 192.168.100.200 -X -s0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes

15:43:25.927261 arp who-has 192.168.100.200 tell 192.168.100.217

        0x0000:  0001 0800 0604 0001 0017 083a 4a4b c0a8  ...........:JK..

        0x0010:  64d9 0000 0000 0000 c0a8 64c8 0000 0000  d.........d.....

        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............

15:43:25.927778 arp reply 192.168.100.200 is-at 00:04:ac:7c:9a:58 (oui Unknown)

        0x0000:  0001 0800 0604 0002 0004 ac7c 9a58 c0a8  ...........|.X..

        0x0010:  64c8 0017 083a 4a4b c0a8 64d9 0000 0000  d....:JK..d.....

        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............

15:43:25.927837 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: S 351762768:351762768(0) win 5840 <mss 1460,sackOK,timestamp 1742842027 0,nop,wscale 8>

        0x0000:  4500 003c d1fb 4000 4006 1dce c0a8 64d9  E..<..@.@.....d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7950 0000 0000  ..d..l....yP....

        0x0020:  a002 16d0 bb0a 0000 0204 05b4 0402 080a  ................

        0x0030:  67e1 a8ab 0000 0000 0103 0308            g...........

15:43:25.928278 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: S 1770856453:1770856453(0) ack 351762769 win 65535 <mss 1460>

        0x0000:  4500 002c a031 0000 3c06 93a8 c0a8 64c8  E..,.1..<.....d.

        0x0010:  c0a8 64d9 05f1 866c 698d 2005 14f7 7951  ..d....li.....yQ

        0x0020:  6012 ffff a8eb 0000 0204 05b4            `...........

15:43:25.928383 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: . ack 1 win 5840

        0x0000:  4500 0028 d1fc 4000 4006 1de1 c0a8 64d9  E..(..@.@.....d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7951 698d 2006  ..d..l....yQi...

        0x0020:  5010 16d0 a9d8 0000                      P.......

15:43:25.928583 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 1:216(215) ack 1 win 5840

        0x0000:  4500 00ff d1fd 4000 4006 1d09 c0a8 64d9  E.....@.@.....d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7951 698d 2006  ..d..l....yQi...

        0x0020:  5018 16d0 71d2 0000 00d7 0000 0100 0000  P...q...........

        0x0030:  0139 012c 0c01 0800 7fff 7f08 0000 0100  .9.,............

        0x0040:  009d 003a 0000 0200 4141 0000 0000 0000  ...:....AA......

        0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................

        0x0060:  0000 2844 4553 4352 4950 5449 4f4e 3d28  ..(DESCRIPTION=(

        0x0070:  4144 4452 4553 533d 2850 524f 544f 434f  ADDRESS=(PROTOCO

        0x0080:  4c3d 5443 5029 2848 4f53 543d 3139 322e  L=TCP)(HOST=192.

        0x0090:  3136 382e 3130 302e 3230 3029 2850 4f52  168.100.200)(POR

        0x00a0:  543d 3135 3231 2929 2843 4f4e 4e45 4354  T=1521))(CONNECT

        0x00b0:  5f44 4154 413d 2853 4552 5649 4345 5f4e  _DATA=(SERVICE_N

        0x00c0:  414d 453d 4f52 4139 3229 2843 4944 3d28  AME=ORA92)(CID=(

        0x00d0:  5052 4f47 5241 4d3d 7371 6c70 6c75 7329  PROGRAM=sqlplus)

        0x00e0:  2848 4f53 543d 4368 616b 7261 5465 7374  (HOST=XXXX

        0x00f0:  2928 5553 4552 3d72 6f6f 7429 2929 29    )(USER=root))))

15:43:25.996988 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: . ack 216 win 65535

        0x0000:  4500 0028 a032 0000 3c06 93ab c0a8 64c8  E..(.2..<.....d.

        0x0010:  c0a8 64d9 05f1 866c 698d 2006 14f7 7a28  ..d....li.....z(

        0x0020:  5010 ffff bfd1 0000                      P.......

15:43:26.015227 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: P 1:9(8) ack 216 win 65535

        0x0000:  4500 0030 a033 0000 3c06 93a2 c0a8 64c8  E..0.3..<.....d.

        0x0010:  c0a8 64d9 05f1 866c 698d 2006 14f7 7a28  ..d....li.....z(

        0x0020:  5018 ffff b4b9 0000 0008 0000 0b00 0000  P...............

15:43:26.015295 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: . ack 9 win 5840

        0x0000:  4500 0028 d1fe 4000 4006 1ddf c0a8 64d9  E..(..@.@.....d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7a28 698d 200e  ..d..l....z(i...

        0x0020:  5010 16d0 a8f9 0000                      P.......

15:43:26.015352 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 216:431(215) ack 9 win 5840

        0x0000:  4500 00ff d1ff 4000 4006 1d07 c0a8 64d9  E.....@.@.....d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7a28 698d 200e  ..d..l....z(i...

        0x0020:  5018 16d0 70f3 0000 00d7 0000 0100 0000  P...p...........

        0x0030:  0139 012c 0c01 0800 7fff 7f08 0000 0100  .9.,............

        0x0040:  009d 003a 0000 0200 4141 0000 0000 0000  ...:....AA......

        0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................

        0x0060:  0000 2844 4553 4352 4950 5449 4f4e 3d28  ..(DESCRIPTION=(

        0x0070:  4144 4452 4553 533d 2850 524f 544f 434f  ADDRESS=(PROTOCO

        0x0080:  4c3d 5443 5029 2848 4f53 543d 3139 322e  L=TCP)(HOST=192.

        0x0090:  3136 382e 3130 302e 3230 3029 2850 4f52  168.100.200)(POR

        0x00a0:  543d 3135 3231 2929 2843 4f4e 4e45 4354  T=1521))(CONNECT

        0x00b0:  5f44 4154 413d 2853 4552 5649 4345 5f4e  _DATA=(SERVICE_N

        0x00c0:  414d 453d 4f52 4139 3229 2843 4944 3d28  AME=ORA92)(CID=(

        0x00d0:  5052 4f47 5241 4d3d 7371 6c70 6c75 7329  PROGRAM=sqlplus)

        0x00e0:  2848 4f53 543d 4368 616b 7261 5465 7374  (HOST=XXXX

        0x00f0:  2928 5553 4552 3d72 6f6f 7429 2929 29    )(USER=root))))

15:43:26.015977 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: P 9:41(32) ack 431 win 65535

        0x0000:  4500 0048 a034 0000 3c06 9389 c0a8 64c8  E..H.4..<.....d.

        0x0010:  c0a8 64d9 05f1 866c 698d 200e 14f7 7aff  ..d....li.....z.

        0x0020:  5018 ffff e60f 0000 0020 0000 0200 0000  P...............

        0x0030:  0138 0c01 0800 7fff 0001 0000 0020 4141  .8............AA

        0x0040:  0000 0000 0000 0000                      ........

15:43:26.016142 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 431:587(156) ack 41 win 5840

        0x0000:  4500 00c4 d200 4000 4006 1d41 c0a8 64d9  E.....@.@..A..d.

        0x0010:  c0a8 64c8 866c 05f1 14f7 7aff 698d 202e  ..d..l....z.i...

        0x0020:  5018 16d0 7a43 0000 009c 0000 0600 0000  P...zC..........

        0x0030:  0000 dead beef 0092 0a20 0100 0004 0000  ................

        0x0040:  0400 0300 0000 0000 0400 050a 2001 0000  ................

        0x0050:  0800 0100 002e d94c d5e1 0a00 1200 01de  .......L........

        0x0060:  adbe ef00 0300 0000 0400 0400 0100 0100  ................

        0x0070:  0200 0100 0300 0000 0000 0400 050a 2001  ................

        0x0080:  0000 0200 03e0 e100 0200 06fc ff00 0200  ................

        0x0090:  0200 0000 0000 0400 050a 2001 0000 0c00  ................

        0x00a0:  0100 1106 100c 0f0a 0b08 0201 0300 0300  ................

        0x00b0:  0200 0000 0000 0400 050a 2001 0000 0300  ................

        0x00c0:  0100 0301


파란색 : IP 패킷 (원문의 색 구분은 텍스트로 옮기면서 사라졌다. 위 캡처에서 "IP" 로 시작하는 줄, 즉 3th 패킷부터가 IP 패킷이다)

- 1st, 2nd 패킷 : ARP lookup (클라이언트 192.168.100.217 이 서버 192.168.100.200 의 MAC 주소를 조회하고, 서버가 00:04:ac:7c:9a:58 로 응답)

- 3th 패킷
15:43:25.927837 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: S 351762768:351762768(0) win 5840 <mss 1460,sackOK,timestamp 1742842027 0,nop,wscale 8>
클라이언트 -> 서버 SYN. 출력의 ncube-lm 은 tcpdump 가 /etc/services 에서 TCP 1521 포트를 이름으로 바꿔 보여준 것으로, 실제로는 Oracle listener 포트(05f1 = 1521)이다. -n 옵션을 주면 포트 번호가 숫자 그대로 표시된다.
ip_len : 0x003c
seq : 0x14f77950(= 351762768)

- 4th 패킷 설명 
15:43:25.928278 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: S 1770856453:1770856453(0) ack 351762769 win 65535 <mss 1460>
서버 -> 클라이언트 SYN+ACK (TCP 헤더의 6012 에서 플래그 바이트 0x12 = SYN, ACK)
ip_len : 0x002c
port(각 16bit = 2byte): src 05f1(1521), dst 866c(34412). 이 패킷은 서버가 보낸 것이므로 출발지 포트가 1521 이고, 덤프에서도 05f1 866c 순서로 나온다.
seq : 0x698d2005(= 1770856453), ack : 0x14f77951(= 351762769, 3th seq + 1)

- 5th 패킷 설명
15:43:25.928383 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: . ack 1 win 5840
ip_len : 0x0028
클라이언트 -> 서버 ACK
seq : 0x14f77951(4th ack), ack : 0x698d2006(4th seq + 1)

- 6th 패킷 설명
15:43:25.928583 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 1:216(215) ack 1 win 5840
클라이언트 -> 서버 PUSH
ip_len : 0x00ff
seq : 0x14f77951, ack : 0x698d2006
데이타 : 위치 0x0028의 00d7부터 TCP 페이로드(TNS 패킷)이다. 00d7 = 215 는 TNS 패킷 길이, 이어지는 0000 은 패킷 체크섬, 그 다음 01 이 TNS 패킷 타입 CONNECT 이다. 페이로드 뒤쪽의 접속 문자열 (DESCRIPTION=...(SERVICE_NAME=ORA92)(CID=(PROGRAM=sqlplus)(HOST=...)(USER=root)))) 은 평문으로 전송되므로, native network encryption 이나 TCPS 를 쓰지 않으면 서비스명·클라이언트 호스트명·OS 사용자명이 네트워크 상에서 그대로 노출된다.

- 7th 패킷 설명
15:43:25.996988 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: . ack 216 win 65535
서버 -> 클라이언트 . (tcpdump 에서 '.' 는 SYN/FIN/RST/PSH 가 없는 순수 ACK 라는 뜻이다. TCP 헤더의 5010 에서 플래그 바이트 0x10 = ACK)
ip_len : 0x0028
seq : 0x698d2006(6th ack), ack : 0x14f77a28(= 0x14f77951 + 215)(6th seq + 215)

- 8th 패킷 설명
15:43:26.015227 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: P 1:9(8) ack 216 win 65535
서버 -> 클라이언트 PUSH, 8 바이트 TNS 패킷 (0008 0000 0b00 0000 : 길이 8, 타입 0x0b = RESEND). 서버가 CONNECT 패킷을 다시 보내라고 요청한 것이라, 클라이언트는 10th 패킷에서 6th 와 동일한 CONNECT 패킷을 재전송한다.
seq : 0x698d2006, ack : 0x14f77a28

- 9th 패킷 설명
15:43:26.015295 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: . ack 9 win 5840
클라이언트 -> 서버 . (순수 ACK, 플래그 0x10)
seq : 0x14f77a28, ack : 0x698d200e(= 0x698d2006 + 8)

- 10th 패킷 설명
15:43:26.015352 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 216:431(215) ack 9 win 5840
클라이언트 -> 서버 PUSH. 8th 의 RESEND 에 대한 응답으로, 6th 와 바이트 단위로 동일한 215 바이트 TNS CONNECT 패킷(접속 문자열 포함)을 다시 보낸다.
seq : 0x14f77a28, ack : 0x698d200e

- 11th 패킷 설명
15:43:26.015977 IP 192.168.100.200.ncube-lm > 192.168.100.217.34412: P 9:41(32) ack 431 win 65535
서버 -> 클라이언트 PUSH, 32 바이트 TNS 패킷 (0020 0000 0200 0000 : 길이 32, 타입 0x02 = ACCEPT, 이어지는 0138 은 협상된 프로토콜 버전 312). 여기까지 TNS 연결 수립이 끝난다.
seq : 0x698d200e, ack : 0x14f77aff(= 0x14f77a28 + 215)

- 12th 패킷 설명
15:43:26.016142 IP 192.168.100.217.34412 > 192.168.100.200.ncube-lm: P 431:587(156) ack 41 win 5840
클라이언트 -> 서버 PUSH, 156 바이트 TNS 패킷 (009c 0000 0600 0000 : 길이 156, 타입 0x06 = DATA). 데이터 앞부분의 dead beef 는 Wireshark TNS 디코더가 "Secure Network Services" 로 표시하는 마커로, 인증/암호화 옵션 협상이 시작되는 지점으로 보인다. 실제로 암호화가 협상되었는지, 이후 로그온 교환이 어떻게 진행되는지는 이 캡처 범위만으로는 알 수 없다.
seq : 0x14f77aff, ack : 0x698d202e(=0x698d200e + 32)