How to detect SQL packet on network

[getmein]

Hi,

I have been trying to detect SQL packets on the Network based on the port number. But the Port number is configurable, so it does not yield results. Can some one tell me, how to detect a SQL packet or any standard document/RFC that gives details of SQL Packet header.

Many Thanks,
Pankaj

 

[KSM]

M$ SQL use port 1433 but I haven't see any sniffer program that capture particular tcp port. If you just want to count sql packets you can try extended access list on router to do that. make sure you open any thing at the end of access list.

 

[Guest_imported]

Point to make if you are sniffing on your network; is your network switched or repeated - if repeated you shouldnt have any problems - if switched you must be patched into a mirrored port using a permiscuous network card, this will enable you to sniff traffic from all sources/destinations else you will only be able to sniff the packets sent to and from your station, and broadcasts. (if that helps)

 

[peterve]

if you have a unix box,
run 'tcpdump port 1433'
and you will see all SQL traffic --------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------