Figure 10.1 Oracle protocol stack over TCP/IP.
underlying network is a TCP/IP network, this is all packaged within TCP, which is packaged within IP. As shown in Figure 10.1, higher-level packets form the payload of the underlying protocol (vendor-specific protocols—in this case Oracle 9i—are shown in a lighter gray).

Although vendor protocols tend to be proprietary and not very well understood by hackers, database engineers, and security professionals alike, TCP/IP is a well-known protocol, and there are numerous tools available for inspecting the headers and payload of TCP/IP packets. Unless you encrypt data-in-transit, a not-too-sophisticated hacker can see pretty much everything. To understand how a hacker can eavesdrop merely by looking at the TCP/IP payload, let's look at two such tools: tcpdump and Ethereal.
Tcpdump is a utility that is available as part of the installation in most UNIX systems and is available even for Windows. If you can't see it on your system, you can download it for most UNIX variants from www.tcpdump.org, and you can download the Windows equivalent—WinDump—from http://windump.polito.it. Tcpdump allows you to dump TCP/IP packets based on certain filters. You can either print out headers only or you can dump entire packets and streams to a file; you can then take this file to your own computer and analyze the contents at your leisure, usually using a sniffer that can read tcpdump capture files (e.g., Ethereal).
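The header walk that Figure 10.1 implies, as an added example (not code from the book or from tcpdump/Ethereal): peel the IP and TCP headers off a packet and look at what is left. The packets and the query are constructed, no real capture is read, checksums are left zero, and port 1521 is assumed to be the Oracle listener port (the page does not state it). A readability check shows why unencrypted database traffic is legible to anyone holding the capture file.

```python
import socket
import struct

ORACLE_PORT = 1521  # Oracle's default listener port (assumed; not stated on this page)

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4/TCP packet: IP header, then TCP header, then payload.
    Checksums are left zero; this is for header walking, not for sending."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18,
                          8192, 0, 0)                   # 20-byte TCP header, PSH|ACK
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return ip_hdr + tcp_hdr + payload

def parse_packet(pkt):
    """Peel the IP and TCP headers (Figure 10.1) and return addressing plus payload."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4                           # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    tcp = pkt[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                       # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}

def printable_ratio(data):
    """Share of bytes that are printable ASCII; plaintext SQL scores near 1.0."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in b"\r\n\t" for b in data) / len(data)

def payload_is_readable(pkt, threshold=0.9):
    """True when the database payload would be legible to anyone sniffing the wire."""
    return printable_ratio(parse_packet(pkt)["payload"]) >= threshold

# Constructed samples (not real captures): a clear-text query and an opaque blob
CLEAR = build_packet("10.0.0.5", "10.0.0.9", 40000, ORACLE_PORT,
                     b"SELECT card_number FROM customers WHERE id = 42")
OPAQUE = build_packet("10.0.0.5", "10.0.0.9", 40001, ORACLE_PORT,
                      bytes(range(0, 64)))

if __name__ == "__main__":
    for name, pkt in (("clear", CLEAR), ("opaque", OPAQUE)):
        p = parse_packet(pkt)
        print(f"{name}: {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"readable={payload_is_readable(pkt)} payload={p['payload'][:32]!r}")
```

Running the same check over the payloads in a real tcpdump capture file tells you whether the database session was encrypted in transit or whether the queries and result rows travel in the clear.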
Ethereal (www.ethereal.com) is the world's most popular network protocol analyzer and is an open source project—available for free under the GNU license agreement. While technically Ethereal is a beta product, it is a mature product that can analyze and report on most protocols. It