Inspect Network Packets for Data in Transit
or
Read Data in Transit
Can we read data packets on a network?
Yes, it is possible to read data packets on a network. There are various tools and techniques that can be used to capture and analyze data packets, including:
Network sniffers: These are specialized tools that can capture and display data packets in real-time as they are transmitted over a network.
Protocol analyzers: These tools can decode and dissect the various layers of data packets, allowing you to see the contents of the packet and understand how it is structured.
Packet capture libraries: These are software libraries that can be used to build custom tools for capturing and analyzing data packets. Examples include libpcap for C/C++ and pyshark for Python.
To read data packets on a network, you will need to have access to the network and the appropriate tools and knowledge.
Is there any simple OS command to read or inspect Network Packets?
Yes. "tcpdump" is a command you can use to inspect (read) the data packets on a network. If it is not installed, you can install it with the yum command.
Demo: Inspect / Read Network Packets for Data in Transit
We will read the data of an Oracle user (PREY_USER) as it flows through port 1521.
Open a Linux shell and run the command:
[root@localhost ~]# tcpdump -i lo -A port 1521
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
Now connect as the Oracle user and fetch some data.
See the following log:
[oracle@localhost ~]$ sqlplus prey_user/prey123@XEPDB1
SQL*Plus: Release 21.0.0.0.0 - Production on Sun Jan 8 07:55:26 2023
Version 21.3.0.0.0
Copyright (c) 1982, 2021, Oracle. All rights reserved.
Last Successful login time: Sun Jan 08 2023 07:55:03 +00:00
Connected to:
Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
SQL> col TNAME format a15
SQL> set colsep | pagesize 20000 trims on linesize 300
SQL> col ename format a20
SQL> select * from emp;
EMPNO|ENAME |MOBILE_NUMBER | DEPTNO
----------|--------------------|--------------------|----------
7566|JONES |+91-7448236762 | 10
7156|RSAINI |+91-7448236444 | 20
SQL>
SQL>
Now go back to the session that was opened earlier to run the "tcpdump" command.
You will see the captured data shown below.
[root@localhost ~]# tcpdump -i lo -A port 1521
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
07:55:26.612669 IP localhost.64000 > localhost.ncube-lm: Flags [S], seq 223752253, win 65495, options [mss 65495,sackOK,TS val 887648795 ecr 0,nop,wscale 7], length 0
****************************
****************************
07:55:48.900053 IP localhost.64000 > localhost.ncube-lm: Flags [P.], seq 3612:3967, ack 4418, win 512, options [nop,nop,TS val 887671082 ecr 887649382], length 355
E....Y@.@................V>Y...............
4..*4.tf...c.......^.a...............3................................................................................................................Y...............................................................................................................................................select * from emp....................................................
07:55:48.940520 IP localhost.ncube-lm > localhost.64000: Flags [.], ack 3967, win 512, options [nop,nop,TS val 887671122 ecr 887671082], length 0
E..4bz@.@..G.................V?......(.....
4..R4..*
07:55:48.965367 IP localhost.ncube-lm > localhost.64000: Flags [P.], seq 4418:5077, ack 3967, win 512, options [nop,nop,TS val 887671147 ecr 887671082], length 659
E...b{@.@....................V?............
4..k4..*.................-U....[H6..G.hx{...81J.......\........................................................EMPNO...................
...............................i...
....?.........ENAME...................................................i........?.........MOBILE_NUMBER......................................................................DEPTNO...................x{...81........................................................................,..
..LC.JONES.+91-7448236762........I..................................=.................. ...............................6.................p..............................................................................
07:55:48.965399 IP localhost.64000 > localhost.ncube-lm: Flags [.], ack 5077, win 507, options [nop,nop,TS val 887671147 ecr 887671147], length 0
E..4.Z@.@..g.............V?....g.....(.....
4..k4..k
07:55:48.982356 IP localhost.64000 > localhost.ncube-lm: Flags [P.], seq 3967:3988, ack 5077, win 512, options [nop,nop,TS val 887671164 ecr 887671147], length 21
E..I.[@.@..Q.............V?....g.....=.....
4..|4..k.....................
07:55:48.982536 IP localhost.ncube-lm > localhost.64000: Flags [.], ack 3988, win 512, options [nop,nop,TS val 887671164 ecr 887671164], length 0
E..4b|@.@..E...............g.V?......(.....
4..|4..|
07:55:48.982956 IP localhost.ncube-lm > localhost.64000: Flags [P.], seq 5077:5350, ack 3988, win 512, options [nop,nop,TS val 887671165 ecr 887671164], length 273
E..Eb}@.@..3...............g.V?......9.....
4..}4..|.............P........................f1Xu.............d..... ,....H9.RSAINI.+91-7448236444........>......{........... ...............................6.................p.........................................................{....................ORA-01403: no data found
.
07:55:48.982979 IP localhost.64000 > localhost.ncube-lm: Flags [.], ack 5350, win 510, options [nop,nop,TS val 887671165 ecr 887671165], length 0
E..4.\@.@..e.............V?....x.....(.....
4..}4..}
07:56:10.890623 IP localhost.15576 > localhost.ncube-lm: Flags [P.], seq 3185834623:3185835077, ack 4103495261, win 512, options [nop,nop,TS val 887693073 ecr 887247826], length 454
E...~.@.@..k........<.........^]...........
4...4.S...... ........H...........0.........#...BEC76C2CC136-5F9F-E034-0003BA1374B3..e.........6-5h.............................................................................p.@.!..U..............................(...............................................h.................p.@.!.
.U..............B.......................................................................h.......................8.................p.@.!..U..............C.......................
07:56:10.891581 IP localhost.ncube-lm > localhost.15576: Flags [P.], seq 1:251, ack 454, win 512, options [nop,nop,TS val 887693073 ecr 887693073], length 250
E.....@.@.^...........<...^]...E.....".....
4...4........ ............................................0]...............................s........p.@.!..U.......................]...... ........................\........p.@.!..U.......................1...... .................................p.@.!..U......
07:56:10.891619 IP localhost.15576 > localhost.ncube-lm: Flags [.], ack 251, win 511, options [nop,nop,TS val 887693074 ecr 887693073], length 0
E..4~.@.@..0........<......E.._W.....(.....
4...4...
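The readable strings in the capture above (the SQL text, the column names, the row values) can be pulled out automatically to check whether a database connection is exposing cleartext. The following Python script is an added example, not part of the original demo: it parses "tcpdump -A" text output, where non-printable bytes appear as ".", and lists the readable runs per packet and direction. The function names are hypothetical and the sample input is abbreviated from the capture above.

```python
import re

# tcpdump packet summary line: time, "IP src > dst:", TCP flags, ..., "length N".
HEADER = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): Flags \[[^\]]*\].* length (\d+)$")
# With -A, non-printable bytes are shown as '.', so readable payload survives
# as runs of these characters (single spaces allowed inside a run).
TOKEN = re.compile(r"[A-Za-z0-9_+*:-]+(?: [A-Za-z0-9_+*:-]+)*")
SQL = re.compile(r"\b(select|insert|update|delete|merge|alter|create|drop)\b", re.I)

def parse_packets(text):
    """Group `tcpdump -A` output into packets: summary fields plus ASCII dump."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append({"time": m[1], "src": m[2], "dst": m[3],
                            "length": int(m[4]), "ascii": []})
        elif packets:
            packets[-1]["ascii"].append(line)
    return packets

def cleartext_findings(text, min_len=5):
    """Return (src, dst, kind, string) for readable runs in TCP payloads.

    Heuristic: an encrypted payload can still contain a short printable run
    by chance, so SQL keywords and column names are the strong signal.
    """
    findings = []
    for p in parse_packets(text):
        if p["length"] == 0:  # bare ACK/SYN: only IP/TCP header bytes follow
            continue
        for line in p["ascii"]:
            for s in TOKEN.findall(line):
                if len(s) >= min_len:
                    kind = "sql" if SQL.search(s) else "data"
                    findings.append((p["src"], p["dst"], kind, s))
    return findings

# Sample input: abbreviated from the capture above (TCP options and long runs
# of '.' trimmed); not a new capture.
SAMPLE = """\
07:55:48.900053 IP localhost.64000 > localhost.ncube-lm: Flags [P.], seq 3612:3967, ack 4418, win 512, length 355
E....Y@.@................V>Y...............
4..*4.tf...c.......^.a......select * from emp..........
07:55:48.940520 IP localhost.ncube-lm > localhost.64000: Flags [.], ack 3967, win 512, length 0
E..4bz@.@..G.................V?......(.....
4..R4..*
07:55:48.965367 IP localhost.ncube-lm > localhost.64000: Flags [P.], seq 4418:5077, ack 3967, win 512, length 659
E...b{@.@....................V?............
4..k4..*.......EMPNO......ENAME.....MOBILE_NUMBER....DEPTNO....
..LC.JONES.+91-7448236762........I......
"""

if __name__ == "__main__":
    for src, dst, kind, s in cleartext_findings(SAMPLE):
        print(f"{kind:4} {src} -> {dst}: {s}")
```

If the connection were encrypted, the same check would return no SQL keywords or column names for the port 1521 traffic.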