How to validate SQL Server traffic is encrypted?

Question

I need to prove that the encryption settings we have in our app\'s connection string are working.

What would be the simplest way to validate that traffic from our web

Answer 1

There is another much underrated tool from Microsoft itself: 'Microsoft Network Monitor'. Basically this is very similar to wireshark with the exception that some specific MS protocols have better parser and visualisation support than wireshark itself and obviously it would only run under windows ;-).

The tool is quite old and looks abandoned (havn't seen a newer release so far) but still does an good job and the grammar for defining new protocols is quite neat/interesting - so this still possess a lot of power for the future.

Analysis Example - Recording is filtered for TDS - so the other packets are discared mostly:

This is also true for sql server connections. The MNM can even visualize the resultsets going over the wire - quite neat. Nonetheless wireshark as mentioned above would be sufficient to validate encryption and applied certificates on the wire itself. Means it can understand the TDS-Protocoll fully.

Handling TLS

Also with an extension (so called experts) 'NmDecrypt' and the right certificates (including private keys) - it is possible to decrypt protocolls - quite nice for TDS which uses TLS INSIDE of TDS - no wonder - no one has really implemented that yet as a fully supported protocoll for wireshark ;)

Links for the tools:

• Microsoft Network Monitor: http://www.microsoft.com/en-us/download/details.aspx?id=4865
• NMDecrypt: http://nmdecrypt.codeplex.com/releases/view/85581