Wireshark-users: [Wireshark-users] MS SQL Server 2005

From: Sanket Sharma <sanketsharma@xxxxxxxxx>
Date: Thu, 15 Apr 2010 12:43:24 +0200
Hi everyone,

I've been trying to analyze a performance issue in our network and
eventually traced to a behavior in all our SQL servers. We are running
MS SQL Server 2005 and I ran Wireshark on the server picked up the
following:

1. There are a huge number of packets of type TDS and the "Info"
column reports Response Packet [Malformed Packet].
2. When I view expert info, it says TDS Malformed Packet (Exception
occurred) against those packets.
3. There are a few TDS [TCP retransmission] packets
4. In some of the dumps there were duplicated acknowledgements and
lost segments as well.
5. There are some unknown packet types as well.

I believe 3 and 4 are network related issues, however, I'm concerned
about the 1st one. I read on a few forums that Wireshark does not
fully support Microsoft's version of TDS. Is that true? Is it
reporting malformed packets because it does not supports TDS for SQL
Server 2005 or is it really something with the SQL Server/Network?

I have attached a tiny dump for you guys to look at and I would
appreciate any  help.


Regards,
Sanket

Attachment: MS SQL Dump - Wireshark community.pcap
Description: Binary data