SimWitty

Wolfgang,

I think I almost have this thing figured out, but not quite. One problem may be that I don't know anything about SQL or SQL Server. My original problem was the SQL and SQL browser services not starting. I eventually figured that they needed to run as system rather than network service(why isn't this default?). Once I got them started I had a little firewall confusion, but figured that out. Following some advice from "How to connect to an instance of SQL Server Desktop Edition or of SQL Server 2005 Express Edition" (http://support.microsoft.com/kb/319930) I created a .udl file and filled in all the values that you will be able to see in the attached .jpgs. When I pressed the "test connection" button on this file, it connected to the SQL Server machine just fine. I did a capture of this traffic and am attaching it.

When I tried running Snort, it eventually errored out on me. I am attaching a file with the command line used and the error message returned by Snort. I happened to capture this traffic also, and am attaching the .pcap. In this capture, you can see the two machines communicating, but for some reason the aren't on the same page. The packets look similar to the ones sent in the successful connection. The layout is:
Snort-Server(192.168.2.50)->SQL-Server(192.168.2.10)

I know you are a busy guy, but if you get a chance to look at these attached files and see if something wrong stands out, I would appreciate it. In the meantime, I will keep investigating. Once I get all this squared away, I will document the entire process and mark this item as closed.

Attached: snort-problems.zip {
connect-attempt_snort-fail.pcap
connect-attempt_snort-fail.txt
connect-attempt_test-success.pcap
snort-server_data-connect_01.jpg
snort-server_data-connect_02.jpg
snort-server_data-connect_03.jpg
test_db_connect.udl (this is a text file, but will do a connection when double clicked)
}
---Jeff