Tips on Using WireShark (Ethereal) to Analyse Network Packet Trace Files
(Doc ID 416946.1)
Last updated on DECEMBER 04, 2017
Applies to:Oracle Net Services - Version 188.8.131.52 to 184.108.40.206
COREid Identity - Version 220.127.116.11 to 10.1.4.3.0
Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4.3 [Release 10gR1 to 10gR3]
COREid Access - Version 18.104.22.168 to 10.1.4.3.0
Oracle Virtual Directory - Version 10.1.4 to 22.214.171.124.0 [Release 10gR3 to 11g]
Information in this document applies to any platform.
This article is a few tips for on using WireShark to analyze network packet trace.
It also has some tips on how to collect network packet trace to analyze a problem.
Network packet trace can help considerably in diagnosing problems with any components that use network communications. It will show what is really sent and received rather than just what the application or component interprets what it sent or received. It is also possible, when trace is collected for both ends of a connection, to establish if what was sent was received unmodified or not.
For example network packet trace will show a lot more detail for LDAP requests than any LDAP servers own trace logging facility, though of course the LDAP servers own trace might also show other processing information that is not present in the actual requests.
Network packet trace will show more detail and is more reliable and complete than most HTTP header trace tools. It can also be used on the server side as well the the browser.
Only non-SSL packets can be formatted, but even for SSL connections a packet trace can be useful to diagnose SSL connection handshake problems. Though is some cases it is possible to use a tool like ssldump to analyze SSL traffic and RSA encrypted SSL packets can be analyzed using WireShark version 0.99.6 or above, see article 452164.1.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!