Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Understanding Database Sniffers

by Ken North

T he distributed nature of client/server means that database developers must add to their repertoires the ability to use different tools that provide information about the server, the network and the client application.

For some time, programmers who write database applications for mainframes and minicomputers have been using monitoring and debugging tools to provide a view of terminal communications or data streams, but the advent of client/server means that the client/server database developer needs this information too.

SQL servers from companies such as Oracle and Microsoft provide server-side performance monitors, but this article focuses on sniffers and spies: tools for monitoring the network and Windows client applications. These are not general-purpose network tools that might help to identify, for example, a noisy network card. Their domain is database software. Sniffers are network monitoring tools, while the spy programs are client-side tools.

Protocol analyzers provide the ability to monitor a network data stream and isolate specific frames that may consist of NetBIOS, IPX/SPX, TCP/IP or other packets. Database sniffers are protocol analyzers that include recognition of higher-level proprietary client/ server protocols such as Oracle TNS (Transparent Network Substrate) or SQL Server TDS (Tabular Data Stream). Network General Corp. is jointly developing with Oracle a rules-based sniffer product that analyzes SQL*Net traffic for Oracle 7 installations.

Windows spy programs trace the functions that a program calls, includi ng parameters, status returns and other events. Database spy programs recognize and monitor calls to specific database Application Programming Interfaces (APIs) such as Open Database Connectivity (ODBC), SQL Server DB-Library and CT-Library or Oracle Call Interface (OCI). SYWARE produces Dr. DeeBee Tools, a suite of tools for ODBC developers. Blue Lagoon Software produces utilities for Windows programmers using ODBC, OCI, DB-Library and CT-Library. SYWARE and Blue Lagoon Software offer extensive suites of Windows client tools, not simply a spy or trace capability.

To Sniff or to Spy?

Why does a programmer sniff or spy? The short answer is to know "what's going on." To debug or tune problem applications and queries, a programmer often compares expected versus actual behavior. When combined with the performance monitor at the server, these tools permit a programmer to monitor an application's behavior at the server, at the client and over the network.

They permit a programmer to time queries and they provide the ability to do comparisons of execution times for a native API versus ODBC.

These tools also provide a semantic analysis of function calls to identify poor programming practices, replaying scripts captured at remote sites, testing software where a specific driver or database is not available, analyzing queries to issue preemptive warnings of long-running queries.

You can also use these tools for timing the execution of stored procedures versus executing SQL statements, identifying client applications with deficient SQL and performing regression tests to ensure backward compatibility of new software releases. In some instances I've used traces to measure network latency by running a query from a client PC against a server and then running the identical application and query using the server in a local mode.

Dr. DeeBee Tools

SYWARE markets a suite of ODBC testing tools, Dr. DeeBee Tools, which includes Dr. DeeBee Spy, a redistributable version of the ODBC Spy utility that it developed for Microsoft. The suite also includes Dr. DeeBee Test (regression testing of drivers), Dr. DeeBee Info (driver and database features), Dr. DeeBee Timer (times ODBC function calls), Dr. DeeBee Peek (traces ODBC calls from a Windows client), and Dr. DeeBee Check (runtime semantic analysis). Dr. DeeBee Replay is role-playing software that is capable of emulating an application or an ODBC driver. The screen shot below illustrates an example of the log file output from Dr. DeeBee Spy. The program traces ODBC function calls with their parameters, status information and the query result data returned from the server. SYWARE sells the Dr. DeeBee Tools individually or as part of a bundle that includes 10 copies of Dr. DeeBee Spy.

Blue Lagoon Software

The Windows tools from Blue Lagoon include ODBC Inspector, DB-Library Inspector, CT-Library Inspector, Jet Inspector and OCI Inspector. These programs trace function calls from applications that use ODBC, native database APIs and Microsoft's Access Engine (Jet). The inspector programs record the execution time for each function, the calling program, parameters and return values. Blue Lagoon sells a Query Analyzer for ODBC and DB-Library applications that intercepts queries and performs an analysis similar to the DBMS' query optimizer. It notifies a user if a query violates preconfigured guidelines so that the user can execute, modify, abort or view an analysis of the query. The SQL Code Profiler provides a detailed SQL performance profile that provides for each SQL statement statistics such as logical and physical I/O counts, command execution times, index usage, scan counts and other information.

SQL*Net Sniffer

The SQL*Net Sniffer is a new member of Network General's Expert Sniffer series that supports most major network protocols (TCP/IP, IPX/SPX, AppleTalk and so on) over most major network types (Ethernet, Token-Ring and so on). It recognizes TNS and SQL*Net 2.x packets so it enables users to monitor and analyze traffic across multiple transport protocols between Oracle clients and servers. SQL*Net Sniffer includes a rules-based expert system that enables detection of errors from existing SQL*Net connections or failed connection attempts. The expert analysis provides a network manager with information about exact or probable causes of errors based on their origin and type.

SQL*Net Sniffer includes detailed absolute, relative or delta trace timing and basic scheduling functions. It accrues absolute timing information from the beginning of a trace or provides delta timing information for interpacket times. It also supports relative timing that permits a user to choose a reference frame so that all subsequent times are displayed relative to that reference frame.

The Sniffer user can also specify a filter such as a hexadecimal data pattern that will trigger the capture of data for a given period of time. It supports up to 20 of these scheduled traces. The Sniffer can't create network activity profiles, say, for typical processing scenarios such as month-end transactions, but it can analyze data and send alarm events upon encountering certain thresholds.

Spying on Your Applications

These tools have been useful on more than one of my projects for purposes such as sleuthing performance problems and evaluating SQL and software coding practices, particularly where the application is shrink-wrapped and no source code to programs is available. Some of my projects are similar to many database projects today that involve a combination of custom code and retail software; performance and response time are an issue with both classes of software.

One project started by using the Blue Lagoon inspectors to compare DB-Library against ODBC for the same queries, but it progressed through stages that required other tool capabilities. After developing a prototype database, I ran several custom and retail ODBC applications to compare response times and try to identify bottlenecks. In several cases, adjusting time-out period s to accommodate greater network latency was still not the answer to performance problems. The spy tools confirmed that software that used direct execution ad hoc queries took longer to paint the results screens than those that used prepared (compiled) queries and that stored procedures executed even more quickly.

Stored procedures reduce network traffic, so my plan was to use them whenever possible, but even that step required more sleuthing. Stored procedures reside at the server, so a variety of client applications can execute the same procedure. Some programs produced errors while running procedures that ran successfully for other programs. By spying I found that failing applications were not making the same API calls as successful applications, were using the wrong data types for returned values or were wrong about the number of result sets returned from a procedure. On another of my projects, a spy program revealed that stored procedure errors were related to a combination of application and ODBC driver. Changing drivers and application software eliminated the errors.

Ken North is a consultant with experience developing mainframe, mini, client/server and PC database software. He is the author of Windows Multi-DBMS Programming (John Wiley &Sons, 1995). Contact him at 71301.1306@compuserve.com.


Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers