Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

vb.net. Extracting SQL traffic from network sniffing

Posted on 2008-10-30
3
Medium Priority
?
693 Views
Last Modified: 2013-11-08
Hi Experts, I have taken code snippets from books and the internet and plagurised my way into running code that displays TCP network traffic in a windows form. I would like to display only the SQL traffic (layer 5) and pass it to a client via System.Net.Sockets.
Everything works, but I cannot find a way to extract just the SQL from the TCP.

For now I'd like to just display the SQL in the windows list box "lbPackets" -- Any ideas?

The example code that I have used as my base for the TCP sniffing is shown below: (taken from "Network Programming.Net with C# and VB.Net 2004, ISBN: 1-55558-315-6)


Public Sub Run()
        Control.CheckForIllegalCrossThreadCalls = False
        Dim len_receive_buf As Integer = 4096
        Dim len_send_buf As Integer = 4096
        Dim receive_buf() As Byte = New Byte(len_receive_buf) {}
        Dim send_buf() As Byte = New Byte(len_send_buf) {}
        Dim cout_receive_bytes As Integer
        Dim socket As Socket = New Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP)
        socket.Blocking = False
 
        Dim IPHost As IPHostEntry = Dns.GetHostEntry(Dns.GetHostName())
        socket.Bind(New IPEndPoint(IPAddress.Parse(IPHost.AddressList(0).ToString()), 0))
        socket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, 1)
 
        Dim bIN As Byte() = New Byte() {1, 0, 0, 0}
        Dim bOUT As Byte() = New Byte() {0, 0, 0, 0}
        Dim SIO_RCVALL As Integer = &H98000001
        Dim ret_code As Integer = socket.IOControl(SIO_RCVALL, bIN, bOUT)
 
        Do
            Dim ar As IAsyncResult = socket.BeginReceive(receive_buf, 0, len_receive_buf, SocketFlags.None, Nothing, Me)
            cout_receive_bytes = socket.EndReceive(ar)
            Receive(receive_buf, cout_receive_bytes)
        Loop
 
    End Sub
 
    Public Sub Receive(ByVal buf As Byte(), ByVal len As Integer)
        If buf(9) = 6 Then
            lbPackets.Items.Add(Encoding.ASCII.GetString(buf).Replace(Chr(0), " "))
        End If
    End Sub

Open in new window

0
Comment
Question by:jamesspo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Expert Comment

by:David L. Hansen
ID: 22847931
why do you want to be "sniffing a network"?????
0
 

Author Comment

by:jamesspo
ID: 22848156
I'm not trying to "sniff the network". The sample code that I have attached does that already. I'm asking "How do I extract SQL from the TCP capture"?

If it really matters to you I am trying to collect SQL on-the-fly, to determine performance characteristics and query quality, without using SQL profiling or logging.

Thanks for your interest.

0
 

Accepted Solution

by:
jamesspo earned 0 total points
ID: 22862341
OK - If ound the answer last night thannks to a few hours with Wireshark.

Just look for the TDS data in the TCP packet. Queries are identifed with bytes 0101 and responses 0104.

Easy.... (grrrr)
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question