Re: Sniffer Tool?

  • From: Pete Finnigan <pete@xxxxxxxxxxxxxxxx>
  • To: jkstill@xxxxxxxxx
  • Date: Wed, 18 Mar 2009 15:41:52 +0000

Hi Guys,

I agree with Jared, be careful before contemplating a port scan, you
will have trouble if you do not have permission.

The trouble with a port scan is that it will not find all databases as
some could be not visible to the network at large or more simply to the
scanning PC. If you have segregated networks then scanning means that
you need to fully understand the network architecture first to ensure
that you *can* scan all of the network. Also you will not find databases
that are simply not running. Also; scanning will find listeners not
database instances. You would need to then query all listeners found and
find the database services being listened for on each listener.

As you may have guessed this is not a foolproof possibility and you may
not find all databases.

I would suggest the following approach:

1) ensure you are scanning from somewhere that can see the whole of the
network. Involve the network guys

2) scan more than once to ensure that you capture any machines that may
have been down the first time

3) use nmap and find live hosts, then use amap to identify running services

4) isolate Oracle services - then query the listeners to find the
databases served. This may prove difficult if they are 10g as it cannot
be then done remotely. You could use integrigy's listener tool - link on
my tools page to help with this - http://www.petefinnigan.com/tools.htm

5) It may be necessary to connect to the srevers to test the listener.

Tim Gorman had a simple script called tnsprobe - there is a link on my
tools page - http://www.petefinnigan.com/tools.htm  that did a simple
check for databases using tnsping and a shell script. There are
commercial tools that can scan for Oracle databases but the license
costs would not be justified for this task. You could also use something
like Nessus but beware that this tool could also bring down the databases.

good luck.

cheers

Pete

Jared Still wrote:
> On Mon, Mar 16, 2009 at 1:00 PM, Manjula Krishnan <oradba.la@xxxxxxxxx>wrote:
> 
>> Hi Guys:
>>
>> Is there a tool out there that would sniff out my network and find all the
>> oracle installs, versions, hardware info on the servers etc?
>>
> 
> You could use nmap (linux)  to find ports being used in the range that
> Oracle uses, typically 1521-1529 would find something if Oracle
> is being used.
> 
> I've used a perl script called pcan to do this.
> 
> However you go about it, talk to your security folks before you
> start a port scan on the network.
> 
> 
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> 

-- 

Pete Finnigan
Director
PeteFinnigan.com Limited

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: +44 (0)1904 791188
Fax  : +44 (0)1904 791188
Mob  : +44 (0)7742 114223
email: pete@xxxxxxxxxxxxxxxx
site : http://www.petefinnigan.com

Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No       : 4664901
VAT No.          : 940 6681 14

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.

--
//www.freelists.org/webpage/oracle-l


Other related posts: