Solved

Malformed TDS response packet on SQL Server Packets

Posted on 2008-06-19
7
11,679 Views
Last Modified: 2011-10-19
Capturing network frames behind a SQL server 2005 NIC i get 70% of them being:

TDS      Response Packet[Malformed Packet]

It seems to affect Network requesting from that SQL server.

Anyone got a clue on what's going on ?

TCP is clear, only the TDS encapsuled in seems malformed.

Regards,

ws-capture.txt
0
Comment
Question by:elbosito
  • 4
  • 2
7 Comments
 
LVL 28

Assisted Solution

by:Bill Bach
Bill Bach earned 230 total points
ID: 21826555
Are you actually getting errors or having other issues?  It could be as simple that you are using a version of the TDS protocol that your network analyzer is unable to decode.  I assume that you used Wireshark?  Are you using the current version from www.wireshork.org?
0
 

Author Comment

by:elbosito
ID: 21829217
I used the latest version. is there a decode somewhere i can get?
ws-version.pdf
0
 
LVL 28

Accepted Solution

by:
Bill Bach earned 230 total points
ID: 21831594
For decode, start here:
    http://www.freetds.org/tds.html
Note that the Docs go only through SQLServer 2005, and may have been interpretted after the fact.  The only definitive answer is the Microsoft Source code that creates the packets.  Obviously, if the decoder in WireShark is wrong, you'll need to perform a manual decode of the packet and see if it really is mangled.

I also found this in my searches:
    http://www.microsoft.com/technet/security/bulletin/ms99-059.mspx
It's old, but might be applicable.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Assisted Solution

by:PeterMiska
PeterMiska earned 20 total points
ID: 21854154
I've been tracking down SQL Server Crashes for the past week.  They occured every 12 hours.  MS suggested tracing traffic to and from the server.  Wireshark reported malformed RPC packets for the TDS protocol.  What a dead end that turned out to be.

After reading  BillBachs post I checked the Wirehark bugs list, and sure enough TDS isn't parsed correctly for SQL Server 2005.  The bug wasn't addressed in version 1.0.

When we turned off replication the problems, SQL Server crashes stopped.

Anyone have a clue whay?  Yes, I'm being lazy.
0
 
LVL 28

Assisted Solution

by:Bill Bach
Bill Bach earned 230 total points
ID: 21854952
Sounds like a problem with replication.  ;-)

As a question of SQLServer replication crashing will likely field an entirely different set of experts, you may wish to post this as a separate thread.
0
 

Author Comment

by:elbosito
ID: 21855619
does the problem PeterMiska has affect my Problems?
0
 
LVL 28

Assisted Solution

by:Bill Bach
Bill Bach earned 230 total points
ID: 21855659
Sorry -- didn't look at the poster name.  Are you running replication, too?  

If Wireshark doesn't decode TDS correctly, then perhaps one of the other analyzers will, such as Observer or Wildpackets EtherPeek.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question