Last active
August 29, 2015 14:17
-
-
Save zgardner/0ea0896e2f113ba1df06 to your computer and use it in GitHub Desktop.
Capture Microsoft SQL Server Traffic from Localhost
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) [Download Microsoft Network Monitor](http://www.microsoft.com/en-us/download/details.aspx?id=4865) | |
| 2) Once installed, go to Tools -> Options -> Parser Profiles. Right click on Windows, and Set as Active. | |
| 3) Obtain the IP address of the DB server. (e.g. 1.1.1.1) | |
| 4) Start a new trace, and use the filter: | |
| IPv4.Address == 1.1.1.1 | |
| 5) Run the code you want to observe the queries from, then stop the capture once finished. | |
| 6) In the process list of the network monitor, go to the executable your application is running from. (e.g. WcfSvcHost.exe) | |
| 7) Expand IPv4, and all of the TCP nodes on the tree. | |
| 8) You should now see TDS nodes under the TCP nodes. | |
| 9) Click on the TDS node, and look at the packets. | |
| 10) Look for packets whose description starts with TDS:SQLBatch or TDS:RPCRequest. | |
| If there are subsequent requests with TCP:[Continuation from #XXX], these are part of the same request. | |
| 11) In the Hex Details at the bottom right, select everything and paste it into a notepad. | |
| 12) Do this for every SQL query you want to observe. | |
| 13) Remove all of the Hex Values, and remove all of the .'s. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment