WireShark version 3.0.1 with SQL Server 2014 - Login Part

asked 2022-10-23 20:52:01 +0000


How would I capture the SQL Server login part using WireShark version 3.0.1? The TDS protocol is not displayed on the current screen, and I would not know how to display it on the main screen, seeing that within the software I realized that it is there and it is enabled; I just wouldn't know how to configure it to make this protocol visible, because I have only recently started messing with WireShark. So any information or links would help me identify what was missing.


Comments

Why such an old Wireshark version?

Wireshark does dissect TDS traffic, are you running SQL server on the standard port, typically TCP/1433?

grahamb ( 2022-10-24 07:50:16 +0000 )

grahamb

Regarding the WireShark version, I had some problems installing it on Windows Server 2008, and seeing that this version worked so I could do the simulation I would need, I used this one.

And let me see if I understand your question about Wireshark correctly, where it doesn't identify TDS traffic, is that right?
And if so, would that be all versions, or would there be a version that could identify this type of traffic?
And regarding the SQL Server version, it would be the 2014 version with the default port 1433; in this case, would you have any recommendations/tips to pass me for this configuration?

Nei Bala ( 2022-10-27 23:09:52 +0000 )

grahamb

Seeing your information, I researched a little more; see the subject below. Which version should I set for the version I would be using at the moment?

Bug 7622 - [Malformed Packet: TDS] DONE token breakout has wrong length

The TDS dissector needs to know what version it is working with. Right click the Tabular Data Stream line in the packet details. Select Protocol Preferences -> TDS Protocol Type and the proper version.

For the sample capture I changed it from Not Specified to TDS 7.1 but seems anything lower than that down to TDS 4.x got rid of the error.

Nei Bala ( 2022-10-28 00:07:50 +0000 )

Server 2008 has been EOL for a long time; the last version of Wireshark that was recommended for that OS was 2.2.

As you have noted, for TDS you have to set the dissector preference to the correct protocol type.

Unfortunately I don't know how to determine the protocol type you are using and capturing, so trial and error with the preference setting seems to be the way forward.

grahamb ( 2022-10-28 08:00:06 +0000 )
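The trial-and-error step can be narrowed from the capture itself: a client's LOGIN7 packet (TDS packet type 0x10) carries a TDSVersion field whose value maps onto the names offered under Protocol Preferences -> TDS Protocol Type. This Python parser is an added example, not code from this thread or from Wireshark; it assumes the MS-TDS packet layout (8-byte header, LOGIN7 fixed part beginning with Length and TDSVersion) and feeds itself a constructed two-packet sample (PRELOGIN followed by a minimal LOGIN7).

```python
import struct

# TDS packet header, 8 bytes, big-endian: Type, Status, Length, SPID, PacketID, Window
TDS_HEADER = struct.Struct(">BBHHBB")

PACKET_TYPES = {
    0x01: "SQL batch", 0x03: "RPC", 0x04: "tabular result",
    0x0E: "transaction manager request", 0x10: "TDS7 login (LOGIN7)",
    0x11: "SSPI", 0x12: "pre-login",
}

# LOGIN7 TDSVersion values (MS-TDS) -> protocol type name shown in the Wireshark preference
TDS_VERSIONS = {
    0x70000000: "TDS 7.0", 0x71000000: "TDS 7.1", 0x71000001: "TDS 7.1",
    0x72090002: "TDS 7.2", 0x730A0003: "TDS 7.3", 0x730B0003: "TDS 7.3",
    0x74000004: "TDS 7.4",
}


def parse_tds_stream(payload: bytes):
    """Walk a client->server TCP payload and describe each TDS packet in it.
    For a LOGIN7 packet the TDSVersion the client declared is reported as well."""
    out, off = [], 0
    while off + TDS_HEADER.size <= len(payload):
        ptype, _status, length, _spid, _pkt_id, _win = TDS_HEADER.unpack_from(payload, off)
        if length < TDS_HEADER.size or off + length > len(payload):
            raise ValueError(f"bad TDS packet length {length} at offset {off}")
        body = payload[off + TDS_HEADER.size: off + length]
        entry = {"type": PACKET_TYPES.get(ptype, f"unknown 0x{ptype:02x}"), "length": length}
        if ptype == 0x10 and len(body) >= 8:
            # LOGIN7 fixed part starts with Length (4) and TDSVersion (4), little-endian
            _login_len, tds_version = struct.unpack_from("<II", body, 0)
            entry["tds_version"] = TDS_VERSIONS.get(tds_version, f"unknown 0x{tds_version:08x}")
        out.append(entry)
        off += length
    return out


def build_packet(ptype: int, body: bytes) -> bytes:
    """Wrap a body in a single TDS packet with the EOM status bit set (test helper)."""
    return TDS_HEADER.pack(ptype, 0x01, TDS_HEADER.size + len(body), 0, 1, 0) + body


# Constructed sample: a PRELOGIN carrying only the TERMINATOR token (0xFF), then a LOGIN7
# whose fixed part is cut down to Length and TDSVersion 0x74000004 (TDS 7.4).
SAMPLE = build_packet(0x12, b"\xff") + build_packet(0x10, struct.pack("<II", 8, 0x74000004))

if __name__ == "__main__":
    for packet in parse_tds_stream(SAMPLE):
        print(packet)
```

Only the PRELOGIN packet is usually readable: SQL Server wraps LOGIN7 in TLS unless the client negotiated encryption as not supported, so the version field is visible in a capture only for such clients.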

grahamb

Thanks for pointing out the WireShark version as a point of reference.

Regarding the protocol version information: I would be using SQL Server 2014, where I would need to capture the SQL Server login part to identify obsolete routines that would be using a disabled or no longer current login (Login incorrect.). So I believe that capturing by the TDS protocol (Tabular Data Stream) is the way. In this part I see the version of my operating system (Windows Server 2008 R2) and my SQL Server 2014 version; what would be the recommended protocol version as a starting point?

Nei Bala ( 2022-10-29 00:10:16 +0000 )