Wireshark-users: Re: [Wireshark-users] MS SQL Server 2005

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Thu, 15 Apr 2010 09:53:58 -0400
Sanket Sharma wrote:
Hi everyone,

I've been trying to analyze a performance issue in our network and
eventually traced to a behavior in all our SQL servers. We are running
MS SQL Server 2005 and I ran Wireshark on the server picked up the
following:

1. There are a huge number of packets of type TDS and the "Info"
column reports Response Packet [Malformed Packet].
2. When I view expert info, it says TDS Malformed Packet (Exception
occurred) against those packets.
3. There are a few TDS [TCP retransmission] packets
4. In some of the dumps there were duplicated acknowledgements and
lost segments as well.
5. There are some unknown packet types as well.

I believe 3 and 4 are network related issues, however, I'm concerned
about the 1st one. I read on a few forums that Wireshark does not
fully support Microsoft's version of TDS. Is that true? Is it
reporting malformed packets because it does not supports TDS for SQL
Server 2005 or is it really something with the SQL Server/Network?

I have attached a tiny dump for you guys to look at and I would
appreciate any  help.



A quick look suggests that the [Malformed Packet] messages are probably because Wireshark dissection of Microsoft TDS isn't being done well.

If you are having performance problems, I'd focus on things like the response times to queries and so forth rather than upon the innards of the TDS packets.