Finding DB2 on the Network

DB2 listens on a number of TCP ports. A default install of DB2 will have two instances, DB2-0 and DB2CTLSV-0, the former listening on TCP port 50000 and the latter on 50001. Finding DB2 on the network could be as simple as doing a TCP port scan looking for these ports. But there's no guarantee that the DB2 instances are actually listening on these ports. It could be that you'd need to scan and probe every port on every host on the network, but doing this takes too long and makes a considerable amount of “noise.” There is a much better way of hunting for DB2 servers on the network. The Database Administration Server (DAS) listens on TCP and UDP port 523 and by sending a single packet to the broadcast address on UDP 523, every DB2 DAS should respond: a quick way of locating servers. The packet the client sends out simply contains


The \x00 represents a NULL byte. The SQL08020 denotes the version of the client — in this case 8.0.2. When the DB2 DAS receives this packet, whether sent directly to the host or to the broadcast address, it replies with its hostname and server version. The following code can be used to find DB2 servers on the network:

    #include <stdio.h>
    #include <windows.h>
    #include <winsock.h>

    int QueryDB2Server(void);
    int StartWinsock(void);

    struct sockaddr_in s_sa;
    struct hostent *he;
    unsigned int addr;
    int DB2Port=523;
    char host[260]="";
    char request[]="DB2GETADDR\x00SQL08010";

    int main(int argc, char *argv[])
    {
        unsigned ...
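Seen from the monitoring side, the same request is easy to recognize. The following is an added example, not code from the book: it classifies observed UDP datagrams as DAS discovery requests and separates broadcast sweeps from single-host queries. The udp_obs record, the function names, the /24 netmask and the "SQL plus five digits" shape of the version field (inferred from the two version strings shown on this page) are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DAS_PORT 523
enum probe_kind { NOT_PROBE, PROBE_UNICAST, PROBE_BROADCAST };

struct udp_obs {             /* hypothetical record from a capture or flow sensor */
    uint32_t dst_ip;         /* destination IPv4 address, host byte order */
    uint16_t dst_port;
    const char *payload;
    size_t len;
};

/* Classify one datagram; on a match ver receives the client level string. */
enum probe_kind classify_das_probe(const struct udp_obs *o, uint32_t netmask, char ver[9])
{
    static const char magic[] = "DB2GETADDR";   /* sizeof also counts the \x00 */
    const unsigned char *v;
    ver[0] = '\0';
    if (o->dst_port != DAS_PORT || o->len < sizeof magic + 8) return NOT_PROBE;
    if (memcmp(o->payload, magic, sizeof magic) != 0) return NOT_PROBE;
    v = (const unsigned char *)o->payload + sizeof magic;
    if (memcmp(v, "SQL", 3) != 0) return NOT_PROBE;
    for (int i = 3; i < 8; i++)                 /* assumed form: SQL + 5 digits */
        if (!isdigit(v[i])) return NOT_PROBE;
    memcpy(ver, v, 8); ver[8] = '\0';
    /* Limited broadcast or all host bits set: one datagram polls a whole subnet. */
    return ((o->dst_ip | netmask) == 0xFFFFFFFFu) ? PROBE_BROADCAST : PROBE_UNICAST;
}

/* Constructed sample datagrams (not captured traffic); netmask assumes a /24. */
#define PROBE "DB2GETADDR\x00SQL08010"
static const struct udp_obs samples[] = {
    { 0xC0A801FFu, 523, PROBE, sizeof PROBE - 1 },   /* 192.168.1.255, broadcast */
    { 0xC0A80114u, 523, PROBE, sizeof PROBE - 1 },   /* 192.168.1.20, unicast */
    { 0xC0A801FFu, 137, PROBE, sizeof PROBE - 1 },   /* same bytes, other port */
    { 0xC0A80114u, 523, "DB2GETADDR", 10 },          /* truncated payload */
};
static char last_ver[9];
enum probe_kind sample_kind(int i) { return classify_das_probe(&samples[i], 0xFFFFFF00u, last_ver); }

int main(void)
{
    static const char *names[] = { "ignore", "unicast probe", "broadcast probe" };
    for (int i = 0; i < 4; i++)
        printf("sample %d: %s %s\n", i, names[sample_kind(i)], last_ver);
    return 0;
}
```

A broadcast match from a host that is not a known DB2 administration workstation is the case worth alerting on. Blocking UDP 523 at segment boundaries keeps DAS from answering requests that originate outside the database network.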
