Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / May 2008

Tip: Looking for answers? Try searching our database.

SQL Profiler - What is ClientProcessID ?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
amit@desiboy.com - 31 May 2008 20:00 GMT
in SQL profiler, we see some activity from ClientProcessID = 980
(malicious commands) , how do I figure out what is causing this
security breach.
Reply to this Message
Erland Sommarskog - 31 May 2008 20:57 GMT
> in SQL profiler, we see some activity from ClientProcessID = 980
> (malicious commands) , how do I figure out what is causing this
> security breach.

That's Windows process id at the host from which the commands are
originating from. So you need to find that machine first, and then
find process 980 on that box.

Signature

Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

Reply to this Message
amit@desiboy.com - 31 May 2008 21:18 GMT
I don't see a column for WindowsProcessID ?  Would it give a computer
name ?
Reply to this Message
Erland Sommarskog - 31 May 2008 21:58 GMT
> I don't see a column for WindowsProcessID ?  Would it give a computer
> name ?

ClientProcessID is the the Windows Process ID. The trace could also have
a hostname.

Rather than looking in the trace, you can look in sysprocesses for
the hostprocessid.

Beware that the hostname can be forged by the application though. You
can find the IP address of the host in sys.dm_exec_connections if
you are on sQL 2005.

Signature

Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.