Solved

vb.net. Extracting SQL traffic from network sniffing

Posted on 2008-10-30
3
672 Views
Last Modified: 2013-11-08
Hi Experts, I have taken code snippets from books and the internet and plagurised my way into running code that displays TCP network traffic in a windows form. I would like to display only the SQL traffic (layer 5) and pass it to a client via System.Net.Sockets.
Everything works, but I cannot find a way to extract just the SQL from the TCP.

For now I'd like to just display the SQL in the windows list box "lbPackets" -- Any ideas?

The example code that I have used as my base for the TCP sniffing is shown below: (taken from "Network Programming.Net with C# and VB.Net 2004, ISBN: 1-55558-315-6)


Public Sub Run()

        Control.CheckForIllegalCrossThreadCalls = False

        Dim len_receive_buf As Integer = 4096

        Dim len_send_buf As Integer = 4096

        Dim receive_buf() As Byte = New Byte(len_receive_buf) {}

        Dim send_buf() As Byte = New Byte(len_send_buf) {}

        Dim cout_receive_bytes As Integer

        Dim socket As Socket = New Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP)

        socket.Blocking = False
 

        Dim IPHost As IPHostEntry = Dns.GetHostEntry(Dns.GetHostName())

        socket.Bind(New IPEndPoint(IPAddress.Parse(IPHost.AddressList(0).ToString()), 0))

        socket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, 1)
 

        Dim bIN As Byte() = New Byte() {1, 0, 0, 0}

        Dim bOUT As Byte() = New Byte() {0, 0, 0, 0}

        Dim SIO_RCVALL As Integer = &H98000001

        Dim ret_code As Integer = socket.IOControl(SIO_RCVALL, bIN, bOUT)
 

        Do

            Dim ar As IAsyncResult = socket.BeginReceive(receive_buf, 0, len_receive_buf, SocketFlags.None, Nothing, Me)

            cout_receive_bytes = socket.EndReceive(ar)

            Receive(receive_buf, cout_receive_bytes)

        Loop
 

    End Sub
 

    Public Sub Receive(ByVal buf As Byte(), ByVal len As Integer)

        If buf(9) = 6 Then

            lbPackets.Items.Add(Encoding.ASCII.GetString(buf).Replace(Chr(0), " "))

        End If

    End Sub

Open in new window

0
Comment
Question by:jamesspo
  • 2
3 Comments
 
LVL 15

Expert Comment

by:David L. Hansen
ID: 22847931
why do you want to be "sniffing a network"?????
0
 

Author Comment

by:jamesspo
ID: 22848156
I'm not trying to "sniff the network". The sample code that I have attached does that already. I'm asking "How do I extract SQL from the TCP capture"?

If it really matters to you I am trying to collect SQL on-the-fly, to determine performance characteristics and query quality, without using SQL profiling or logging.

Thanks for your interest.

0
 

Accepted Solution

by:
jamesspo earned 0 total points
ID: 22862341
OK - If ound the answer last night thannks to a few hours with Wireshark.

Just look for the TDS data in the TCP packet. Queries are identifed with bytes 0101 and responses 0104.

Easy.... (grrrr)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Icons and Colors for Terms 3 24
Runtime Exceptions when trying to submit data 28 37
Error on Add method 1 38
consuming an asmx web service in winforms application 3 24
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now