Wireshark: Capture SQL Traffic

From OnnoWiki
Revision as of 11:18, 18 April 2017 by Onnowpurbo (talk | contribs)

Sometimes we need to capture the communication between the web server and the database server. With Wireshark we can filter

Capture Options (ctrl-K).



Wireshark has display filters and capture filters. The capture filter captures only certain packets, resulting in a small capture file. Capture filters are set in Capture Options (ctrl-K). An example to capture SQL Server traffic would be:

host <sql-server-ip> and port <sql-server-port>

A display filter is set in the toolbar. A display filter does not reduce the size of the capture. You can change a display filter while the capture is running. An example display filter:

ip.addr == <sql-server-ip> && tcp.port == <sql-server-port>

The default SQL Server port is 1433.


You can use just tds as the display filter to identify the traffic between a SQL Server client and server; this filters out a lot of noise packets.

Alternatively, append tds to other filters with the and or && operator if you want to narrow the display to more specific traffic.
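The sketch below is an added example, not part of the original page and not Wireshark's dissector. It models the two stages on constructed packets: the capture filter keeps everything to or from the SQL Server port, and a tds-style check then drops segments that carry no TDS header, such as bare TCP ACKs. The addresses, the helper names and the one-TDS-packet-per-segment simplification are assumptions.

```python
import struct

# Packet types from the first byte of the 8-byte TDS header (MS-TDS).
TDS_TYPES = {0x01: "SQL batch", 0x03: "RPC", 0x04: "Tabular result",
             0x06: "Attention", 0x10: "TDS7 login", 0x12: "Pre-login"}

def capture_match(pkt, ip, port):
    """Same test as the capture filter: host <ip> and port <port>."""
    return ip in (pkt["src"], pkt["dst"]) and port in (pkt["sport"], pkt["dport"])

def tds_type(payload):
    """Name the TDS packet type, or return None if the payload is not TDS."""
    if len(payload) < 8:
        return None                      # bare ACK/SYN/FIN: no TDS header
    ptype, _status, length = struct.unpack(">BBH", payload[:4])
    # Simplification: expect exactly one complete TDS packet per TCP segment.
    if ptype not in TDS_TYPES or length != len(payload):
        return None
    return TDS_TYPES[ptype]

def tds_packet(ptype, body):
    """Build a constructed TDS packet: type, status=EOM, length, SPID, id, window."""
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(body), 0, 1, 0) + body

def pkt(src, sport, dst, dport, payload=b""):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}

WEB, DB, PORT = "10.0.0.10", "10.0.0.20", 1433   # constructed addresses
SAMPLE = [                                        # constructed traffic
    pkt(WEB, 50123, DB, PORT, tds_packet(0x01, "SELECT 1".encode("utf-16-le"))),
    pkt(DB, PORT, WEB, 50123),                    # TCP ACK, no payload
    pkt(DB, PORT, WEB, 50123, tds_packet(0x04, b"\xfd" + bytes(12))),
    pkt(WEB, 50200, "192.0.2.7", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

def analyze(packets, ip, port):
    """Return (packets kept by the capture filter, TDS types a tds filter shows)."""
    captured = [p for p in packets if capture_match(p, ip, port)]
    shown = [t for t in (tds_type(p["payload"]) for p in captured) if t]
    return captured, shown

if __name__ == "__main__":
    captured, shown = analyze(SAMPLE, DB, PORT)
    print(f"capture filter kept {len(captured)} of {len(SAMPLE)} packets")
    print("tds display filter shows:", shown)
```

The capture stage decides what is written to the file, while the tds stage only changes what is displayed, so the ACK remains in the capture even though it is hidden.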


References