How to decode SQL Server traffic with wireshark?

Updated: 2024-10-25 06:27:30
Problem description

    I can capture the packets using wireshark, but I can't decode the stream into anything intelligible.

    This item in the WireShark bug database suggests that maybe this isn't possible in SQL Server 2005 or newer. But several people on Stack Overflow claimed this was a good method in answers to this question:

    How to validate SQL Server traffic is encrypted?

    Any help appreciated.

    Solution

    Edit (2017-05-02): Microsoft Network Monitor - has been replaced by Microsoft Message Analyzer - which serves the same purpose. See also comment below this answer or the answer further down for how to use it!

    Note: Microsoft Message Analyzer was deprecated in late 2019, and is no longer available for download.

    Original Answer

    There is another much underrated tool from Microsoft itself: 'Microsoft Network Monitor'. Basically this is very similar to wireshark with the exception that some specific MS protocols have better parser and visualisation support than wireshark itself and obviously it would only run under windows ;-).

    The tool is quite old and looks abandoned (haven't seen a newer release so far) but still does a good job and the grammar for defining new protocols is quite neat/interesting - so this still possesses a lot of power for the future.

    Analysis Example - Recording is filtered for TDS - so the other packets are discarded mostly:

    This is also true for sql server connections. The MNM can even visualize the resultsets going over the wire - quite neat. Nonetheless wireshark as mentioned above would be sufficient to validate encryption and applied certificates on the wire itself. Means it can understand the TDS-Protocol fully.

    Handling TLS

    Also with an extension (so called experts) 'NmDecrypt' and the right certificates (including private keys) - it is possible to decrypt protocols - quite nice for TDS which uses TLS INSIDE of TDS - no wonder - no one has really implemented that yet as a fully supported protocol for wireshark ;)

    So far - regarding MSSQL-Traffic - or to be more precise TDS-Protocol this is the best tool I've come across so far. Wireshark is cool - but in this case MNM is 'better'. Have phun! ;)

    Links for the tools:

    • Microsoft Network Monitor: www.microsoft/en-us/download/details.aspx?id=4865
    • NMDecrypt: nmdecrypt.codeplex/releases/view/85581
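
To check from a capture whether a TDS 7.x session negotiates encryption and wraps its TLS handshake inside TDS, as the answer above describes, the sketch below walks the TDS packet headers of one stream direction. It is an added example, not code from the original answer or from any of the tools named; the header layout and ENCRYPTION option values are taken from Microsoft's MS-TDS specification, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

# ENCRYPTION option values of the PRELOGIN message, per MS-TDS.
ENCRYPTION = {0: "ENCRYPT_OFF", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}
PRELOGIN = 0x12  # packet type for PRELOGIN options and for the wrapped TLS handshake

def split_tds_packets(stream):
    """Split one direction of a reassembled TCP stream into (type, payload) pairs."""
    packets, pos = [], 0
    while pos < len(stream):
        if pos + 8 > len(stream):
            raise ValueError("truncated TDS header at offset %d" % pos)
        # Header: type, status, length (big-endian, includes header), SPID, packet id, window
        ptype, _status, length, _spid, _pid, _win = struct.unpack_from(">BBHHBB", stream, pos)
        if length < 8 or pos + length > len(stream):
            raise ValueError("bad TDS length at offset %d" % pos)
        packets.append((ptype, stream[pos + 8:pos + length]))
        pos += length
    return packets

def prelogin_encryption(payload):
    """Return the ENCRYPTION option name from a PRELOGIN payload, or None if absent."""
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != 0xFF:  # 0xFF ends the option list
        token, offset, length = struct.unpack_from(">BHH", payload, pos)
        if token == 0x01 and length >= 1 and offset < len(payload):
            return ENCRYPTION.get(payload[offset], "UNKNOWN")
        pos += 5
    return None

def describe(ptype, payload):
    """Label a packet; the 0x16 0x03 prefix check for a TLS record is a heuristic."""
    if ptype == PRELOGIN and payload[:2] == b"\x16\x03":
        return "TLS handshake inside TDS"
    if ptype == PRELOGIN:
        return "PRELOGIN encryption=%s" % prelogin_encryption(payload)
    return "TDS type 0x%02x" % ptype

def tds_packet(ptype, payload):
    """Build a single-packet TDS message (status 0x01 = end of message)."""
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload

# Constructed sample: PRELOGIN (VERSION + ENCRYPTION=ON), then a stub TLS record.
OPTIONS = struct.pack(">BHHBHHB", 0, 11, 6, 1, 17, 1, 0xFF) + bytes(6) + b"\x01"
SAMPLE = tds_packet(PRELOGIN, OPTIONS) + tds_packet(PRELOGIN, b"\x16\x03\x01\x00\x04\x01\x00\x00\x00")

if __name__ == "__main__":
    for ptype, payload in split_tds_packets(SAMPLE):
        print(describe(ptype, payload))
```

The input is the raw bytes of one direction of the connection, for example saved from Wireshark's Follow TCP Stream view in raw form.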

    Published: 2023-10-26 09:51:27
    Article link: https://www.elefans.com/category/jswz/34/1529804.html