How do I use Wireshark to filter SQL Server traffic between an application server and a database server?

2021-12-23 00:00:00 filter sql-server wireshark

I'm trying to identify the source of some ill-timed connection resets. I'm trying to use Wireshark to capture the traffic that goes between the application server and database server. How do I set up a filter for this in Wireshark?

Recommended answer

Wireshark has display filters and capture filters. The capture filter captures only certain packets, resulting in a small capture file. Capture filters are set in Capture Options (ctrl-K). An example to capture SQL Server traffic would be:

host <sql-server-ip> and port <sql-server-port>

A display filter is set in the toolbar. A display filter does not reduce the size of the capture. You can change a display filter while the capture is running. An example display filter:

 ip.addr == <sql-server-ip> && tcp.port == <sql-server-port>

The default SQL Server port is 1433.
