To be able to do this, you need more than one network interface cards on the local machine.
You can do the same for one interface too (although it is a hack).
The key here is to ask for any loopback traffic (127.0.0.0) to go thru your new route (the gateway) and add a metric that is smaller than the default one.
Depending on the protocol that you want to sniff this may/ may not be helpful (basically anything above TCP should be OK).
The way route works is by trying to match the address as best as it can. The second rule is that no metric can be lower than the interface metric.
You first do an route print, inside your interface list you will see your interface index. Then do an ipconfig and get your gateway, then execute a route add.
1. Get the IPv4 address of the machine (Lets say it is 10.193.42.1). So, we use 10.193.0.0 in the example below
2. Get the default gateway address of the machine (Lets say it is 10.193.20.1)
3. Execute “route print” and get the first number in the interface list besides which you will see you NIC listed
Example, the number 6 in the sample route print output below:
6 …00 0b cd d4 c4 c5 …… Broadcom NetXtreme Gigabit Ethernet (NDIS6.0)
7 …00 0b cd d4 c4 c4 …… Broadcom NetXtreme Gigabit Ethernet (NDIS6.0) #2
1 ……………………… Software Loopback Interface 1
9 …00 00 00 00 00 00 00 e0 isatap.sys-sqlsvr.local
10 …00 00 00 00 00 00 00 e0 isatap.
4. Open up an elevated command prompt and execute the following command
route add 10.193.0.0 MASK 255.255.0.0 10.193.20.1 METRIC 7 if 6
So the syntax is “route add IPv4AddressWithTwoTrailingZeros MASK 255.255.0.0 DefaultGatewayIPv4Address METRIC ValueGreaterThanThatOfInterfaceMetric if NumberListedBesidesNICInRoutePrintOutput”
5. Install netmon on the machine
6. Execute “net stop policyagent” on command prompt
7. Start a capture on netmon
8. Execute the scenario by specifying the actual IPv4 address instead of server name of the request to enable routing
9. Stop capture
10. “net start policyagent” on command prompt
route delete 10.193.0.0
More information on route commands is available at:
Also, typing “route” on your command window will give you more information on usage of route.
SQL Server Protocols
Disclaimer: This posting is provided “AS IS” with no warranties, and confers no rights