Re: verifying network encryption on 11gR2?

From: Brent Day <coloradodba_at_gmail.com>
Date: Tue, 21 Jan 2014 12:29:19 -0700
Message-ID: <CAEz8shzHrU0FR4fC7eDRJxuUrJDVh7dt_=L7+ZjnefZOS4us0Q_at_mail.gmail.com>

I would recommend enabling sqlnet tracing set to level 16.

Check out DOC ID 76629.1 on metalink.

Brent

On Tue, Jan 21, 2014 at 7:30 AM, Adric Norris <landstander668_at_gmail.com>wrote:

> Running any sort of network sniffer will unfortunately be very difficult,
> likely impossible, to get approved. That's why I'm hoping to find a method
> which can be easily (and more importantly, reliably) checked from within
> the database.
>
> I do appreciate the suggestion, however, and will certainly keep it in
> mind. Thanx!
>
>
> On Fri, Jan 17, 2014 at 11:09 PM, Jeff C <backseatdba_at_gmail.com> wrote:
>
>> Try using Wireshark. You can pretty easily see the different when network
>> encryption is on versus off. You will see plain text and then a bunch of
>> scrambled data.
>>
>>
>> On Fri, Jan 17, 2014 at 6:41 PM, Adric Norris <landstander668_at_gmail.com>wrote:
>>
>>> Is there a good way to check, from within the database, whether or not
>>> database sessions are utilizing network encryption? I know you can look at
>>> the *network_service_banner* column of *v$session_connect_info*, but
>>> the text format makes it difficult to parse effectively... not to mention
>>> that I'm not certain that it's always populated (thinking of JDBC thin
>>> clients here). The databases in question are all 11.2.0.3/11.2.0.4,
>>> running under a combination of Linux X86-64 and Solaris SPARC 64-bit.
>>>
>>> We're thinking of enabling opportunistic network encryption in the near
>>> future, with the goal of it eventually becoming mandatory. I'd therefore
>>> like to be able to identify plaintext sessions from within the database, so
>>> that we have an idea of which applications / groups will need to make
>>> configuration changes.
>>>
>>> Thanx!
>>>
>>> --
>>>
>>> Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: kernel
>>> panic [parroty error]
>>>
>>>
>>
>
>
> --
> "I'm too sexy for my code." -Awk Sed Fred
>

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jan 21 2014 - 20:29:19 CET

This message: [ Message body ]
Next message: Mark Bobak: "Re: LENSKART Y is this on Freelists.org ??"
Previous message: Rich Jesse: "RE: how many LIOs is too many"
In reply to: Adric Norris: "Re: verifying network encryption on 11gR2?"
Next in thread: Adric Norris: "Re: verifying network encryption on 11gR2?"
Reply: Adric Norris: "Re: verifying network encryption on 11gR2?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message