RE: Sniffer Tool?
Date: Wed, 18 Mar 2009 12:16:32 -0400
One other problem is that you will miss databases that do not have a listener such as a web server that is served by a local database and depends on the BEQ protocol instead of a listener.
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Pete Finnigan Sent: Wednesday, March 18, 2009 11:42 AM To: jkstill_at_gmail.com
Cc: oradba.la_at_gmail.com; oracle-l_at_freelists.org Subject: Re: Sniffer Tool?
I agree with Jared, be careful before contemplating a port scan, you will have trouble if you do not have permission.
The trouble with a port scan is that it will not find all databases as some could be not visible to the network at large or more simply to the scanning PC. If you have segregated networks then scanning means that you need to fully understand the network architecture first to ensure that you *can* scan all of the network. Also you will not find databases that are simply not running. Also; scanning will find listeners not database instances. You would need to then query all listeners found and find the database services being listened for on each listener.
As you may have guessed this is not a foolproof possibility and you may not find all databases.
I would suggest the following approach:
- ensure you are scanning from somewhere that can see the whole of the network. Involve the network guys
- scan more than once to ensure that you capture any machines that may have been down the first time
- use nmap and find live hosts, then use amap to identify running services
- isolate Oracle services - then query the listeners to find the databases served. This may prove difficult if they are 10g as it cannot be then done remotely. You could use integrigy's listener tool - link on my tools page to help with this - http://www.petefinnigan.com/tools.htm
- It may be necessary to connect to the srevers to test the listener.
Tim Gorman had a simple script called tnsprobe - there is a link on my tools page - http://www.petefinnigan.com/tools.htm that did a simple check for databases using tnsping and a shell script. There are commercial tools that can scan for Oracle databases but the license costs would not be justified for this task. You could also use something like Nessus but beware that this tool could also bring down the databases.
Jared Still wrote:
> On Mon, Mar 16, 2009 at 1:00 PM, Manjula Krishnan
>> Hi Guys: >> >> Is there a tool out there that would sniff out my network and findall the
>> oracle installs, versions, hardware info on the servers etc? >>
> You could use nmap (linux) to find ports being used in the range that
> Oracle uses, typically 1521-1529 would find something if Oracle
> is being used.
> I've used a perl script called pcan to do this.
> However you go about it, talk to your security folks before you
> start a port scan on the network.
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
-- Pete Finnigan Director PeteFinnigan.com Limited Specialists in database security. If you need help to audit or secure an Oracle database, please ask for details of our courses and consulting services Phone: +44 (0)1904 791188 Fax : +44 (0)1904 791188 Mob : +44 (0)7742 114223 email: pete_at_petefinnigan.com site : http://www.petefinnigan.com Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom Company No : 4664901 VAT No. : 940 6681 14 Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of PeteFinnigan.com Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise. -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Wed Mar 18 2009 - 11:16:32 CDT