Malformed Packets-App to MS SQL DB server
New to Wireshark and trying to figure out why I am getting Malformed Packets in the logs. I perform 2 tasks from the application server which communicates to the DB server.
One task creates a new record. The second task queries an existing record.
Both of them don't return any data from the database server. I ran a few Wireshark traces and they return some malformed packets back.
How do you troubleshoot these kinds of issues using Wireshark? I have read online that malformed packets can be caused by any of these: "Malformed packet means that the protocol dissector can't dissect the contents of the packet any further. There can be various reasons:
Wrong dissector: Wireshark erroneously has chosen the wrong protocol dissector for this packet. This will happen e.g. if you are using a protocol not on its well known TCP or UDP port. You may try Analyze|Decode As to circumvent this problem.
Packet not reassembled: The packet is longer than a single frame and it is not reassembled, see Section 7.8, "Packet Reassembly" for further details.
Packet is malformed: The packet is actually wrong (malformed), meaning that a part of the packet is just not as expected (not following the protocol specifications).
Dissector is buggy: The corresponding protocol dissector is simply buggy or still incomplete."
However, I am not sure how to complete these tasks. If I can get some advice, I would much appreciate it.
Thanks,
H
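The four reasons quoted from the Wireshark guide can be told apart by looking at the first bytes of the TCP payload against the fixed TDS packet header. The following is an added example, not code from the original question or any of the replies; it assumes the 8-byte header and packet-type values from Microsoft's public MS-TDS specification, and all sample payloads in it are constructed, not taken from a real capture. It classifies one TCP segment as "wrong-dissector" (first byte is not a TDS type, so check the port and Decode As), "not-reassembled" (the header declares more bytes than the segment carries, so TCP reassembly is needed), "malformed" (the declared length cannot even hold the header), "truncated", or "ok", and it walks a segment that holds several back-to-back TDS packets.

```python
import struct

# Added example, not from the original question or its answers.  It assumes the
# 8-byte TDS packet header described in Microsoft's public MS-TDS specification:
#   Type (1) | Status (1) | Length (2, big-endian, includes the header)
#   | SPID (2) | PacketID (1) | Window (1)
TDS_HEADER = struct.Struct(">BBHHBB")

# Packet types from MS-TDS; a first byte outside this set is a strong hint that the
# bytes are not TDS, i.e. Wireshark applied the dissector to the wrong stream or port.
TDS_TYPES = {
    0x01: "SQL batch",
    0x02: "pre-TDS7 login",
    0x03: "RPC",
    0x04: "tabular result",
    0x06: "attention",
    0x07: "bulk load data",
    0x08: "federated auth token",
    0x0E: "transaction manager request",
    0x10: "TDS7 login",
    0x11: "SSPI",
    0x12: "pre-login",
}

STATUS_EOM = 0x01  # Status bit: this packet ends the message


def parse_tds_header(segment: bytes) -> dict:
    """Decode the leading TDS header of a TCP payload (no sanity checks here)."""
    ptype, status, length, spid, packet_id, window = TDS_HEADER.unpack_from(segment)
    return {
        "type": ptype,
        "type_name": TDS_TYPES.get(ptype, "unknown"),
        "status": status,
        "eom": bool(status & STATUS_EOM),
        "length": length,
        "spid": spid,
        "packet_id": packet_id,
        "window": window,
    }


def triage_tds_segment(segment: bytes) -> tuple:
    """Map one TCP payload to the reason categories listed in the Wireshark guide.

    Returns (verdict, detail) where verdict is one of
    'truncated', 'wrong-dissector', 'malformed', 'not-reassembled', 'ok'.
    """
    if len(segment) < TDS_HEADER.size:
        return ("truncated", f"only {len(segment)} bytes, a TDS header needs {TDS_HEADER.size}")
    hdr = parse_tds_header(segment)
    if hdr["type"] not in TDS_TYPES:
        return ("wrong-dissector",
                f"first byte 0x{hdr['type']:02x} is not a TDS packet type; "
                "check the port and Analyze > Decode As")
    if hdr["length"] < TDS_HEADER.size:
        return ("malformed", f"declared length {hdr['length']} is smaller than the header")
    if hdr["length"] > len(segment):
        return ("not-reassembled",
                f"header declares {hdr['length']} bytes but the segment carries {len(segment)}; "
                "enable TCP 'Allow subdissector to reassemble TCP streams'")
    return ("ok", f"{hdr['type_name']} packet, {hdr['length']} bytes, EOM={hdr['eom']}")


def split_tds_packets(segment: bytes) -> list:
    """Walk a segment that may hold several complete TDS packets back to back.

    Stops at the first packet that does not fit; the caller can triage the remainder.
    """
    packets, offset = [], 0
    while offset + TDS_HEADER.size <= len(segment):
        hdr = parse_tds_header(segment[offset:])
        if hdr["length"] < TDS_HEADER.size or offset + hdr["length"] > len(segment):
            break
        packets.append(hdr)
        offset += hdr["length"]
    return packets


# Constructed sample payloads (not taken from any real capture).
# A complete pre-login packet: type 0x12, status EOM, length 47, SPID 0, packet id 1, window 0.
SAMPLE_PRELOGIN = bytes([0x12, 0x01, 0x00, 0x2F, 0x00, 0x00, 0x01, 0x00]) + b"\x00" * 39
# The same packet cut short by TCP segmentation: the header promises 47 bytes, only 20 arrived.
SAMPLE_PARTIAL = SAMPLE_PRELOGIN[:20]
# Two complete packets in one segment: a 12-byte SQL batch followed by an 8-byte attention.
SAMPLE_TWO = (bytes([0x01, 0x01, 0x00, 0x0C, 0x00, 0x00, 0x01, 0x00]) + b"\x00" * 4
              + bytes([0x06, 0x01, 0x00, 0x08, 0x00, 0x00, 0x02, 0x00]))
# Bytes whose first octet is not a TDS type at all (here plain HTTP text on the TDS port).
SAMPLE_NOT_TDS = b"GET / HTTP"

if __name__ == "__main__":
    for name, sample in [("prelogin", SAMPLE_PRELOGIN), ("partial", SAMPLE_PARTIAL),
                         ("two", SAMPLE_TWO), ("not-tds", SAMPLE_NOT_TDS)]:
        print(name, *triage_tds_segment(sample))
    print([p["type_name"] for p in split_tds_packets(SAMPLE_TWO)])
```

To use it on a real trace, export the TCP payload of the frame Wireshark flags (Follow TCP Stream, or copy the bytes from the hex pane) and feed it to triage_tds_segment; a "not-reassembled" verdict on a frame that Wireshark marks malformed points at the reassembly preference rather than at the server, while "wrong-dissector" points at the port or Decode As setting.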
What is your database server and how is the app communicating with it?
DB is on VMWare- WS 2016-
App server is using SQL to communicate with DB.
I meant as in the database server "application" itself. From your comment I suspect it is MS SQL Server, can you confirm? And how is the application communicating with the server, using SQL Server native libraries or something else such as ODBC?
Can you share a capture with the traffic? You can post the capture on a public share, e.g. Google Drive, DropBox etc. and post a link to it back here. Make sure your capture only contains the traffic to your DB server, i.e. use a capture filter of "host dbservername".
Capturing traffic will provide IP addresses and some sensitive info which I am not comfortable sharing. What exactly are you looking for? Yes, it is using MS SQL on the DB server, which is on VMware, WS 2016.
The Wireshark console displays "Malformed Packet: TDS" in red, and below that there is another view with a bunch of characters and numbers on the left side and the translation on the right, e.g.
00 50 56 91 2a e6 00 50 56 91 1b 59 08 00 45 02 - PV.* . . P V . . Y..E.
There are several similar lines of info following below it.
There is a TDS sample capture on the wiki:
MS SQL Server protocol - Tabular Data Stream (TDS) ms-sql-tds-rpc-requests.cap (17 KB) RPC requests and a few SQL queries Contributor: Emil Wojak
Frame #6 is displayed as
[Malformed Packet: TDS]