microsoft
diff --git a/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/.suo‎
6.5 KB b/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/.suo‎
6.5 KB
diff --git a/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide‎
8 KB b/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide‎
8 KB
diff --git a/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide-shm‎
0 Bytes b/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide-shm‎
0 Bytes
diff --git a/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide-wal‎
0 Bytes b/‎SQL_Network_Analyzer/.vs/SQLNetworkAnalyzer/v15/Server/sqlite3/storage.ide-wal‎
0 Bytes
diff --git a/‎SQL_Network_Analyzer/SQLNA/ConversationData.cs‎
Lines changed: 51 additions & 3 deletions b/‎SQL_Network_Analyzer/SQLNA/ConversationData.cs‎
Lines changed: 51 additions & 3 deletions
diff --git a/‎SQL_Network_Analyzer/SQLNA/FrameData.cs‎
Lines changed: 79 additions & 6 deletions b/‎SQL_Network_Analyzer/SQLNA/FrameData.cs‎
Lines changed: 79 additions & 6 deletions
@@ -75,6 +75,9 @@ public class ConversationData              //               - constructed in Get
         public int resetCount = 0;      //               - accumulated in ParseTCPFrame - can be in combination with other flags
         public int synCount = 0;        //               - accumulated in ParseTCPFrame - can be in combination with other flags
         public int finCount = 0;        //               - accumulated in ParseTCPFrame - can be in combination with other flags
+        public bool hasClientFin = false;           //   - set in ParseTCPFrame
+        public bool hasServerFin = false;           //   - set in ParseTCPFrame
+        public bool hasServerFinFirst = false;      //   - set in ParseTCPFrame - used to determine whether the server closed the conversation
         public int smpSynCount = 0;     //               - accumulated in ParseTCPFrame
         public int smpAckCount = 0;     //               - accumulated in ParseTCPFrame
         public int smpFinCount = 0;     //               - accumulated in ParseTCPFrame
@@ -202,7 +205,7 @@ public bool hasLoginFailure     // TODO this needs work one of the OR-ed flags b
                 }
                 else
                 {
-                    if (hasApplicationData == true  && synCount == 0 && hasPrelogin == false && hasPreloginResponse == false &&
+                    if (hasApplicationData == true && synCount == 0 && hasPrelogin == false && hasPreloginResponse == false &&
                         hasClientSSL == false && hasServerSSL == false && hasKeyExchange == false && hasCipherExchange == false &&
                         hasNTLMChallenge == false && hasNTLMResponse == false && frames.Count > (4 + 2 * keepAliveCount + rawRetransmits))
                     {
@@ -220,6 +223,20 @@ public bool hasLoginFailure     // TODO this needs work one of the OR-ed flags b
             }
         }
 
+        //
+        // Did this conversation even manage to contact the server, let alone login.
+        // Needs at least one SYN packet to show the start of the conversation.
+        // Cannot have any PUSH flags for application payload.
+        // ACK + RESET + FIN are optionally allowed
+        //
+        public bool hasSynFailure
+        {
+            get
+            {
+                return (synCount > 0 && pushCount ==0);
+            }
+        }
+
         public long LoginDelay(string step, long firstFrameTick)   // times are in ticks, if prior packet time is unknown - timed to start of trace
         {
             long notPresent = (long)(-1 * utility.TICKS_PER_MILLISECOND);  // this value means a blank in the report instead of a 0.
@@ -245,7 +262,7 @@ public bool hasLoginFailure     // TODO this needs work one of the OR-ed flags b
             if (SSPITime != 0) priorTick = SSPITime;
             if (step == "NC") return NTLMChallengeTime == 0 ? notPresent : NTLMChallengeTime - priorTick;
             if (NTLMChallengeTime != 0) priorTick = NTLMChallengeTime;
-            if (step == "NR") return NTLMResponseTime == 0 ? notPresent : NTLMResponseTime-priorTick;
+            if (step == "NR") return NTLMResponseTime == 0 ? notPresent : NTLMResponseTime - priorTick;
             if (NTLMResponseTime != 0) priorTick = NTLMResponseTime;
             if (step == "LA") return LoginAckTime == 0 ? notPresent : LoginAckTime - priorTick;
             if (LoginAckTime != 0) priorTick = LoginAckTime;
@@ -376,12 +393,43 @@ public string loginFlags
                            (hasNTLMChallenge ? "NC " : "   ") +
                            (hasNTLMResponse ? "NR " : "   ") +
                            (hasSSPI ? "SS " : "   ") +
-                           (ErrorTime !=0 ? "ER" : "  ");
+                           (ErrorTime != 0 ? "ER" : "  ");
 
                 return s;
             }
         }
 
+        public string GetPacketList(int start, int length)
+        {
+            string s = "";
+            for (int i = start; i < start + length; i++) s += ((FrameData)frames[i]).PacketTypeAndDirection + " ";
+            return s.TrimEnd();
+        }
+
+        public string GetLastPacketList(int length)
+        {
+            if (length > frames.Count)
+            {
+                return GetPacketList(0, frames.Count);
+            }
+            else
+            {
+                return GetPacketList(frames.Count - length, length);
+            }
+        }
+
+        public string GetFirstPacketList(int length)
+        {
+            if (length > frames.Count)
+            {
+                return GetPacketList(0, frames.Count);
+            }
+            else
+            {
+                return GetPacketList(0, length);
+            }
+        }
+
         public string ColumnHeader1()
         {
             string s = "";
 
@@ -18,6 +18,33 @@ namespace SQLNA
     // Should probably be in a side collection in each regular frame, so we do not bloat the conversation itself.
     //
 
+    public enum FrameType
+    {
+        PreLogin = 1,                                     // set in ProcessTDS
+        PreLoginResponse,                                 // set in ProcessTDS
+        ClientHello,                                      // set in ProcessTDS
+        ServerHello,                                      // set in ProcessTDS
+        KeyExchange,                                      // set in ProcessTDS
+        CipherChange,                                     // set in ProcessTDS
+        ApplicationData,                                  // set in ProcessTDS
+        Login7,                                           // set in ProcessTDS - we should never see this in the raw, should be ApplicationData instead
+        SSPI,                                             // set in ProcessTDS
+        NTLMChallenge,                                    // set in ProcessTDS
+        NTLMResponse,                                     // set in ProcessTDS
+        LoginAck,                                         // set in ProcessTDS
+        LoginError,                                       // set in ProcessTDS
+        Attention,                                        // set in ProcessTDS
+        SQLBatch,                                         // set in ProcessTDS
+        RPCRequest,                                       // set in ProcessTDS
+        XactMgrRequest,                                   // set in ProcessTDS
+        XActMgrReply,                                     // placeholder
+        CommandError,                                     // set in ProcessTDS
+        TabularResponse,                                  // set in ProcessTDS
+        SMPAck,                                           // set in ParseTCPFrame
+        SMPSyn,                                           // set in ParseTCPFrame
+        SMPFin                                            // set in ParseTCPFrame
+    }
+
     public class FrameData                                // constructed in ParseOneFile
     {
         public ConversationData conversation = null;      // set in ParseIPV4Frame and ParseIPV6Frame
@@ -36,6 +63,7 @@ public class FrameData                                // constructed in ParseOne
         public ushort smpSession = 0;                     // set in ParseTCPFrame
         public byte smpType = 0;                          // set in ParseTCPFrame
         public byte[] payload = null;                     // set in ParseTCPFrame and ParseUDPFrame
+        public FrameType frameType = 0;                   // set in ProcessTDS
         public bool isKeepAliveRetransmit = false;        // set in FindKeepAliveRetransmits
         public ushort kaRetransmitCount = 0;              // set in FindKeepAliveRetransmits
         public bool isRetransmit = false;                 // set in FindRetransmits
@@ -106,6 +134,51 @@ public bool hasRESETFlag
             get { return (flags & (byte)TCPFlag.RESET) != 0; }
         }
 
+        public string PacketType
+        {
+            get
+            {
+                switch (frameType)
+                {
+                    case FrameType.ApplicationData:      return "AD";
+                    case FrameType.Attention:            return "ATTN";
+                    case FrameType.CipherChange:         return "CE";
+                    case FrameType.ClientHello:          return "CH";
+                    case FrameType.CommandError:         return "ERR";
+                    case FrameType.KeyExchange:          return "KE";
+                    case FrameType.Login7:               return "L7";
+                    case FrameType.LoginAck:             return "LA";
+                    case FrameType.LoginError:           return "ER";
+                    case FrameType.NTLMChallenge:        return "NC";
+                    case FrameType.NTLMResponse:         return "NR";
+                    case FrameType.PreLogin:             return "PL";
+                    case FrameType.PreLoginResponse:     return "PR";
+                    case FrameType.RPCRequest:           return "RPC";
+                    case FrameType.ServerHello:          return "SH";
+                    case FrameType.SMPAck:               return "SmpA";
+                    case FrameType.SMPFin:               return "SmpF";
+                    case FrameType.SMPSyn:               return "SmpS";
+                    case FrameType.SQLBatch:             return "BAT";
+                    case FrameType.SSPI:                 return "SS";
+                    case FrameType.TabularResponse:      return "DATA";
+                    case FrameType.XactMgrRequest:       return "TX";
+                    default:
+                        {
+                            if (isKeepAlive) return "KA";
+                            return FormatFlags("");
+                        };
+                }
+            }
+        }
+
+        public string PacketTypeAndDirection
+        {
+            get
+            {
+                return (isFromClient ? ">" : "<") + PacketType;
+            }
+        }
+
 
         public string ColumnHeader1()
         {
@@ -163,14 +236,14 @@ public string ColumnData()
             }
         }
 
-        public string FormatFlags()
+        public string FormatFlags(string filler = ".")
         {
             string s = "";
-            s += ((flags & (byte)TCPFlag.ACK) != 0) ? "A" : ".";
-            s += ((flags & (byte)TCPFlag.PUSH) != 0) ? "P" : ".";
-            s += ((flags & (byte)TCPFlag.RESET) != 0) ? "R" : ".";
-            s += ((flags & (byte)TCPFlag.SYN) != 0) ? "S" : ".";
-            s += ((flags & (byte)TCPFlag.FIN) != 0) ? "F" : ".";
+            s += ((flags & (byte)TCPFlag.ACK) != 0) ? "A" : filler;
+            s += ((flags & (byte)TCPFlag.PUSH) != 0) ? "P" : filler;
+            s += ((flags & (byte)TCPFlag.RESET) != 0) ? "R" : filler;
+            s += ((flags & (byte)TCPFlag.SYN) != 0) ? "S" : filler;
+            s += ((flags & (byte)TCPFlag.FIN) != 0) ? "F" : filler;
             return s;
         }