0

I want to start off by stating that I am not a network person, so I don't know how severe these warnings / errors are. The service that is running appears to be creating a bunch of "invalid data type" warnings which show up as "malformed packets" in the Wireshark trace. The WireShark trace is way too large to attach here, but I will post key components to it.

In Wireshark, when I click on "Expert Information", it shows me a list of packets. A certain "Warning" appears called "Invalid data type". When I expand this warning, there are a bunch of "Remote Procedure Call[Malformed Packet] / Protocol / TDS entries.

I click on the first one and it takes me directly to this packet in the trace. When there, it shows that a "Parameter" has an invalid length.

Name length: 62 Name: Name: \340\240\213@ENDTIME\342\250\200\340\240\207\350\274\240\341\204\276\346\225\226\340\254\276\344\200\211\344\270\200\345\224\200\344\264\200\345\220\200\345\210\200\344\204\200\344\270\200\345\214\200 Type info (Invalid data type: 00)

If I copy this "as printable text", it shows a bunch of random characters:

@ENDTIME* >Ve> @NUMTRANS& @NUMPAGES& @NUMCHECKS&@BATC

I don't know where the "* >Ve>" is coming from. It most certainly is not in the code.

If I back up to the first parameter passed in for this packet, it gives me the entire query that is causing the problem.

Length: 552 Data [truncated]: Insert Into stats.FFX_BATCHINFO(BATCHNUMBER, BATCHTYPE, SCANSTATIONID, SCANUSERID, STARTTIME, ENDTIME, NUMTRANS, NUMPAGES, NUMCHECKS, BATCHTOTAL) Values(@BATCHNUMBER, @BATCHTYPE, @SCANSTATIONID, @SCANUSERID, @STARTTIME,

I also noticed that the query above it stops at @STARTTIME. The very next parameter according to the code is @ENDTIME which is the parameter it appears to have a problem with.

The code for this query is as shown below:

string query = string.Format("Insert Into {0}(BATCHNUMBER, BATCHTYPE, SCANSTATIONID, SCANUSERID, STARTTIME, ENDTIME"
                                    + ", NUMTRANS, NUMPAGES, NUMCHECKS, BATCHTOTAL, SOLUTIONINTERNALID"
                                    + ")"
                                    + " Values(" + 
dbManager.ParamName("BATCHNUMBER") + ", " + dbManager.ParamName("BATCHTYPE") + ", " + dbManager.ParamName("SCANSTATIONID")
                                    + ", " + 
dbManager.ParamName("SCANUSERID") + ", " + dbManager.ParamName("STARTTIME") + ", " + dbManager.ParamName("ENDTIME")
                                    + ", " + 
dbManager.ParamName("NUMTRANS") + ", " + dbManager.ParamName("NUMPAGES") + ", " + dbManager.ParamName("NUMCHECKS")
                                     + ", " + dbManager.ParamName ("BATCHTOTAL") + ", " + dbManager.ParamName ("SOLUTIONINTERNALID")
                                    + ")", GlobalUtil.TableWithSchema ( "FFX_BATCHINFO"));

dbManager.OpenConnection();
dbManager.BeginTransaction();
IDbCommand idbCommand = null;

idbCommand = dbManager.GetCommand(CommandType.Text, query);

idbCommand.Parameters.Add(dbManager.CreateParam("@BATCHNUMBER", DbType.String, batchInfo.BATCHNUMBER));
idbCommand.Parameters.Add(dbManager.CreateParam("@BATCHTYPE", DbType.String, batchInfo.BATCHTYPE));

idbCommand.Parameters.Add(dbManager.CreateParam("@SCANSTATIONID", DbType.String, batchInfo.SCAN_STATIONID));
idbCommand.Parameters.Add(dbManager.CreateParam("@SCANUSERID", DbType.String, batchInfo.SCAN_USERID));
idbCommand.Parameters.Add(dbManager.CreateParam("@STARTTIME", DbType.DateTime2, batchInfo.STARTTIME));
idbCommand.Parameters.Add(dbManager.CreateParam("@ENDTIME", DbType.DateTime2, batchInfo.ENDTIME));
idbCommand.Parameters.Add(dbManager.CreateParam("@NUMTRANS", DbType.Int32, batchInfo.NUMTRANS));
idbCommand.Parameters.Add(dbManager.CreateParam("@NUMPAGES", DbType.Int32, batchInfo.NUMPAGES));
idbCommand.Parameters.Add(dbManager.CreateParam("@NUMCHECKS", DbType.Int32, batchInfo.NUMCHECKS));
idbCommand.Parameters.Add(dbManager.CreateParam("@BATCHTOTAL", DbType.Double, batchInfo.BATCHTOTAL));

idbCommand.Parameters.Add(dbManager.CreateParam("@SOLUTIONINTERNALID", DbType.Int64, batchInfo.SOLUTIONINTERNALID));

dbManager.ExecuteNonQuery();

dbManager.DisposeCommand();
dbManager.CommitTransaction();

So, I don't know how or where the random characters are getting attached to the parameter in the packet.

Any help would be appreciated.

Additional information:

  • Service is using .Net Framework 4.
  • The service runs on Windows Server 2012 R2.
  • The database it connects to is SQL Server 2014.
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Ryan Anderson
  • 1
  • 1
  • The Wireshark TDS dissector is very out of date and buggy and has certainly not been updated to handle the most recent versions of the protocol (aside from having some basic issues with reassembling split packets, last time I saw it). It cannot really be relied on to interpret packet contents consistently. Unless your client or server actually issue errors about a problem with the TDS protocol stream, all you've found is trouble in Wireshark. To trace SQL activity, prefer SQL Profiler. – Jeroen Mostert Jun 26 '18 at 14:12
  • There is **no** SQL Server **2014 R2** version - only **2014** - fixed. – marc_s Jul 06 '18 at 08:50

0 Answers0