[Winpcap-users] RE: Capture SQL command (Lam Hong Bac)

Mark Buchanan Mark.Buchanan at giffels.com
Tue Mar 4 15:32:52 GMT 2008

In a one line sentence - "A lot of hard work"

I have used WinPCAP to reverse engineer 3 different communication
protocols then reproduce them packet by packet. The process requires a
lot of patience and hard work by examining every byte of every packet
and looking for the data structure of each command and response.

The approach is simple:

Using an existing working system:

1. Figure out all the packets required for connection/disconnect.
2. Using a simple command (e.g. read one item from the DB), capture the
   packets and separate out the data portion from all the connection
3. Modify the command slightly and compare byte by byte the difference in
   the two packet capture files.

I don't know anything about SQL communication - likely much more complex
than the protocols that I have had the pleasure of cracking (which were
industrial in nature - therefore somewhat simple).

Good Luck!

Message: 1
Date: Tue, 4 Mar 2008 09:06:50 +0700
From: "Lam Hong Bac" <lamhong.bac at gmail.com>
Subject: [Winpcap-users] Capture SQL command
To: winpcap-users at winpcap.org
	<ab3fd01f0803031806yb45a45bq7180b7591ce8048 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Dear all,

Can you guide me on how to capture SQL commands sent from and to SQL server?

Thanks & Regards

Mark Buchanan

Senior Engineer, Controls Systems
Giffels Associates Limited

Mark.Buchanan at giffels.com |  T 416 675 9750 Ext. 5253  |  F 416 798 5559  |  giffels.com
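
The byte-by-byte comparison step described in the message above, as an added example that is not part of the original post. It assumes the data portions have already been extracted from the two capture files; the sample payloads and their frame layout are constructed for illustration and do not come from any real protocol.

```python
from itertools import zip_longest

def diff_runs(a: bytes, b: bytes):
    """Return [(offset, bytes_in_a, bytes_in_b), ...] for each run of differing bytes."""
    runs, start = [], None
    # zip_longest pads the shorter payload with None, so a length change
    # shows up as a trailing run instead of being silently ignored.
    for i, (x, y) in enumerate(zip_longest(a, b)):
        if x != y:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, a[start:i], b[start:i]))
            start = None
    if start is not None:
        runs.append((start, a[start:], b[start:]))
    return runs

def compare_captures(cap_a, cap_b):
    """Compare two captures (lists of payloads) packet by packet.

    Returns {packet_index: runs} for every packet whose payload differs.
    """
    report = {}
    for n, (pa, pb) in enumerate(zip_longest(cap_a, cap_b, fillvalue=b"")):
        runs = diff_runs(pa, pb)
        if runs:
            report[n] = runs
    return report

# Constructed sample data (hypothetical frame layout): packet 0 is the
# connection exchange, packet 1 is the command. The second capture repeats
# the same command with one parameter changed.
CAPTURE_A = [bytes.fromhex("aa55 01 00"), bytes.fromhex("aa55 04 10 0001 00 14")]
CAPTURE_B = [bytes.fromhex("aa55 01 00"), bytes.fromhex("aa55 04 10 0002 00 15")]

if __name__ == "__main__":
    for pkt, runs in compare_captures(CAPTURE_A, CAPTURE_B).items():
        for offset, old, new in runs:
            print(f"packet {pkt} offset {offset}: {old.hex()} -> {new.hex()}")
```

Bytes that change along with the modified parameter are candidate fields; bytes that change without an obvious cause (here the last byte) are candidates for a checksum or sequence counter.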


