Ethereal-users: [Ethereal-users] Help understanding a collection of packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Chris Halverson" <chalverson@xxxxxxxxxxxx>
Date: Wed, 27 Apr 2005 08:55:53 -0500
Title: Help understanding a collection of packets

At the company I work for I was asked to collect some network traffic data from a server running our ERP system that has SQL on it.

Our environment looks like this: 2 clustered SQL servers and 5 servers that grab the data from them. Our users request data through the 5 servers and then the 5 servers process the requests to our SQL servers. We have Cisco Catalyst 3750s, so I set up spanning on the SQL servers to 1 port and plugged my Ethereal box into that port.

I have collected data before, usually on the outside interface of our firewall or the inside interface, to see what traffic is coming in or leaving. I have never collected data off a SQL server before, and to be quite clear I was taken aback by the amount of data that was running through the line. In roughly 41 seconds I collected 300MB of data, with an estimation of about 600000 packets in that time frame. The vast majority of these packets, like 99.9% of them, were between the SQL server and the 5 servers that it communicates with. The vast majority of the packets were of protocol TDS. I know this is a protocol related to SQL; I guess I am just curious if it is normal for the protocol to be so "chatty"?

The reason I was asked to collect data on this line is because we are having performance issues. When you look at the servers themselves they do not look very busy; CPU usage and memory usage are very low. Since I don't know what a SQL server's data should look like, I can't really blame the network traffic until I have something to compare it against.

If you need more information please let me know and I will do my best to provide you with whatever you need.

Grey