Due to the internal details of the Oracle database is not open, it is necessary to resolve the Oracle network communication protocol TNS when performing security audits. The existing TNS protocol analysis level is not deep enough to cover the servers, clients, operating systems, and protocols versions. And common protocol reversing tools are not good at payload analysis. This study proposes a universal TNS protocol analytical solution according to common servers, clients, and protocol versions under windows and linux operating systems. Method of data mining is used for message segments with much bytes meaning unknown, and can gives fields that affect the message structure automatically. The application in the actual system shows that the proposed scheme can effectively analyze the large amount of data collected in the field, and extract the SQL statement from the request message.After the post-correction, all packets can be parsed without any exception.