qvfps

Help with Wireshark Capture

We are having problems with corruption in one of our SQL databases.   Troubleshooting the issue I mirrored the port of a couple of the users who access the database and ran a Wireshark capture.

In one I captured approx 328000 packets.  Out of those there are 6 different error messages (31 total)  
11 - Malformed FC
 7 - Malformed FMTP
 2 - Malformed DCERPC
 4 - Malformed Smpp
 6 - Checksum Ethernet
 1 - Malformed SNA

Is this number of errors unusual on a network?   Could these be the cause of the database corruption?

I know this is not enough information to give a definitive answer; I am just looking as to whether to pursue this or not, and where I need to go next to get more information.
Robert Sutton Jr

Seems more like a communication error.
qvfps

ASKER

Do you mean the errors in the capture or the Database corruption?
In the capture. Shows a possible communication error while communicating to the db. Also, what version are you using?

ASKER

I am using the most current version.  I installed it just before I ran the capture.

ASKER

What would be the next step in further troubleshooting this issue?

I posted this question partly because I ran a capture on my home network and a separate network.  Both of these are not having any communications issue, but I saw malformed packets on both of those as well and I wasn't sure that 0.000067% malformed packets was really a problem.
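
One way to take a malformed-packet list like the one in the question a step further, as an added example that is not part of the original thread: Wireshark flags a frame as malformed when a dissector cannot finish parsing it, which also happens when the wrong dissector was chosen, so the first cut is which flagged frames involve the database server at all. The rows, the server address `192.0.2.10`, the capture size and the function name are constructed assumptions.

```python
from collections import Counter

# Constructed rows in the tab-separated shape produced by:
#   tshark -r capture.pcapng -Y "_ws.malformed" -T fields \
#          -e frame.number -e frame.protocols -e ip.src -e ip.dst
SAMPLE_ROWS = [
    "1021\teth:ethertype:ip:tcp:smpp\t192.0.2.21\t192.0.2.40",
    "5530\teth:llc:sna\t\t",  # non-IP frame: address columns are empty
    "9912\teth:ethertype:ip:tcp:dcerpc\t192.0.2.21\t192.0.2.10",
    "14077\teth:ethertype:ip:tcp:smpp\t192.0.2.40\t192.0.2.21",
    "20311\teth:ethertype:ip:tcp:fmtp\t192.0.2.21\t192.0.2.55",
]
DB_SERVER = "192.0.2.10"   # assumed address of the SQL server
TOTAL_PACKETS = 50000      # constructed size of the whole capture


def triage_malformed(rows, db_server, total_packets):
    """Return (count per top-level protocol, frame numbers that touch
    the database server, malformed rate as a percentage of the capture)."""
    by_proto = Counter()
    db_frames = []
    for row in rows:
        parts = row.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # skip blank or truncated rows
        frame_no, protocols, src, dst = parts
        # Drop any "_ws." pseudo-layer so the last entry is the real dissector.
        layers = [p for p in protocols.split(":") if p and not p.startswith("_ws.")]
        by_proto[layers[-1] if layers else "unknown"] += 1
        if db_server in (src, dst):
            db_frames.append(int(frame_no))
    rate = 100.0 * sum(by_proto.values()) / total_packets
    return by_proto, db_frames, rate


if __name__ == "__main__":
    counts, db_frames, rate = triage_malformed(SAMPLE_ROWS, DB_SERVER, TOTAL_PACKETS)
    for proto, n in counts.most_common():
        print(f"{n:3d}  malformed {proto}")
    print(f"malformed rate: {rate:.4f}% of {TOTAL_PACKETS} packets")
    print(f"frames to inspect first (touch {DB_SERVER}): {db_frames}")
```

Frames in the last list are the ones worth opening in Wireshark first; malformed frames between other hosts say little about the database traffic.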
ASKER CERTIFIED SOLUTION
Robert Sutton Jr

ASKER

A couple of months ago one of my customers had a problem with their database application.  One of their users logged on and opened a job he had been working on, only to discover that it was giving him an error and kicking him off.   I was in the office that day on an unrelated issue, and after they called their customer support, who was unable to recover the job, we restored it from tape backup.   Unfortunately the most current backup was a few days old and he ended up losing multiple days' work on a rush project.

Since then it has happened a couple more times.  Usually to the same person.   They have gone through their support and the most they have discovered is that they are having a problem with database corruption.

I thought it might be a wiring issue so I checked the cabling and it is cat5e.  I then connected a managed hub which has a line test utility and ran the line test which returned a pass.  I also mirrored a port and connected the PC which has the most issues and ran two captures of ~250 and one of 120 MB.  I then repeated this on another computer which uses the same application but has not had the same amount of issues.  

I was expecting a lot of communication errors but of the three captures the most errors was on the PC which had not experienced the same amount of issues and it was only 35 out of more than 250,000.

Right now I am going to ask them to replace the PC that is having the most issues and see if that helps.  I just don't want to go that route if there is something I am missing.   I am obviously not an expert using Wireshark.   I was hoping it would show an obvious problem.

ASKER

Thanks for the help.  I thought I had closed this already.   I had them replace the computer which was having the issues.  It was fairly old anyways and I have not heard of any more issues.