Ethereal-dev: Re: [Ethereal-dev] TDS decoding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Brian Bruns <camber@xxxxxxx>
Date: Tue, 20 Nov 2001 20:51:51 -0500 (EST)
On Tue, 20 Nov 2001, Guy Harris wrote:

> > I could also dig into the TDS login packet to establish that it is a valid 
> > netlib stream and stash the IP and port number(s) somewhere to validate 
> > against later packets.
> 
> What would you do if it doesn't match?
> 
> I.e., what is the purpose for doing so?

If the port is 1433, or I've seen a login packet come through with the 
port, I can be assured (well as good as it gets) that the thing at IP 
address X and port Y is a SQL Server and I can automatically decode it.

If not (someone started the trace in the middle of a stream), then it 
would have to be decoded using "Decode As..." because there is a 
significant chance that I could mistakenly identify the stream as netlib 
with only 4 bytes to work with.

I think that is the safest approach.

Cheers,

Brian