DataSunrise is sponsoring RSA Conference2024 in San Francisco, please visit us in DataSunrise's booth #6178

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

  • Home
  • Guides
  • How to Check if DataSunrise Receives Traffic From the Client Application and Protected Database

How to Check if DataSunrise Receives Traffic From the Client Application and Protected Database

DataSunrise’s Approach to Configuring Penalties for SQL Injection Detection How to Block Specific Hosts in DataSunrise for Enhanced Database Security Troubleshooting AWS Metering and Hourly Billing Issues in DataSunrise on AWS Marketplace Cloud Formation Modification Dynamic Data Masking with DataSunrise: Masking with Lua scripts How to Choose the Database for Audit Storage: A Performance Analysis How to Run pgbench Through DataSunrise Proxy on PostgreSQL 14 with SCRAM Authentication How to Configure DataSunrise SSO Authentication Based on SAML (Okta) How to Configure DataSunrise SSO Authentication Based on OpenID (Okta) How to Search for Sensitive Data in Images Hosted on AWS S3 How to Deploy DataSunrise with Terraform Template on Microsoft Azure How to Integrate DataSunrise with SQL Server Always On Cluster How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager How to Perform DataSunrise Static Data Masking for MongoDB How to Configure DB Audit Trailing for MS Azure MySQL How to Configure DB Audit Trailing for MS Azure PostgreSQL How to Configure DataSunrise to Mask Data for Amazon Athena How to Upgrade RHEL OS version of existing DataSunrise servers How to Integrate DataSunrise with AWS Database Activity Streams for Getting Auditing Results for AWS Aurora PostgreSQL How to Set Up SSL Certificates for DataSunrise Database Proxy How to Generate Reports in DataSunrise How to Hide Schemas From Users in Redshift How to Configure Reading RDS Postgres Audit Logs in DataSunrise? How to audit administrative actions in your Oracle RDS and Oracle databases on EC2 How to Check if DataSunrise Receives Traffic From the Client Application and Protected Database How To Remove a Procedure or a Function From a Database

How to Check if DataSunrise Receives Traffic From the Client Application and Protected Database

Linux Checking Process Windows Checking Process

Basically, the first thing to be done is to check the Dashboard to determine if a connection is established with DataSunrise Security Suite proxy. The established connections count is shown in the Dashboard section:

img1

For example, in this screenshot you can see that there are 3 connections established, they can be seen in the Proxies list -> Sessions columns. Also according to the Active Audited Sessions section, 2 of these belong to the DBeaver application which is connected to the proxy.

Further, from this document you will learn in more detail how to check if all the required connections are established correctly.


Required tools

You will need to install the specific tools that will help you capture the required traffic.

All of the installations should be made on a machine where DataSunrise Security Suite is installed.

WINDOWS

In case traffic capture is done on a machine running Windows OS, it is recommended to use the tool called Wireshark: https://www.wireshark.org/download/

LINUX

In case the capture is done on a UNIX-based OS the recommended tool is Tcpdump: https://en.wikipedia.org/wiki/Tcpdump

sudo yum install –y tcpdump

Required Information

To determine if traffic flows between a database, client and DataSunrise, it is necessary to know the IP addresses of:

  1. Database server
  2. DataSunrise server
  3. Client application machine
  4. Proxy port number

As soon as you get the information about the IP-addresses you can start the checking process.

IMPORTANT: make sure that all the preparations on the DataSunrise side (the instance is configured, and Proxy is listening on the desired port number) and the Client Application side (client application is configured to connect to the DataSunrise proxy) are made correctly.


Linux Checking Process

After the Tcpdump package is correctly installed execute the following command replacing the IP values with those that correspond to your environment:

sudo tcpdump -nn --number \(host DatabaseIP and host DataSunrise\) 
or \(host DataSunriseIP and host ClientIP\) and ProxyPort

The Tcpdump application will start listening for the connections that are established according to the filter you have specified.

Now you need to establish a connection with the DataSunrise proxy and check if the desired connection has been established properly from the client application IP address to the DataSunrise IP address and from the DataSunrise IP address to the Database IP address.

Example:

Let us try to run a test and see what happens when I try to connect to an Amazon EC2 machine where DataSunrise is installed and DataSunrise is configured to protect a MySQL database. The IP addresses for the test environment:

172.31.17.62 - Database
172.31.14.182 - DataSunrise
17.72.172.31 - Client application
3306 – Proxy port
example

As you can see here, on establishing a connection the Client application connected from port 27217 to the DataSunrise machine IP address to port 3306 (line 1) and after this DataSunrise connected to the Database itself from port 47000 to port 3306 (line 4). The MySQL database also answers to DataSunrise (line 5) and doesn’t answer to the client application directly. This means that the connection has been established correctly and the client application connects right to the DataSunrise hostname.


Windows

In the WireShark user interface, you will need to specify a filter in the filter text field.

example

To identify the traffic correctly you will need to enter the following filter replacing the IP values with those that correspond to your environment:

((ip.addr==DataSunriseIP  and ip.addr==ClientIP) and tcp.port == ProxyPort) 
or (ip.addr==DatabaseIP and ip.addr==DataSunriseIP)

After the filter is specified, just like for Linux you will need to try to establish a connection with the DataSunrise proxy and check if all the connections go properly to the desired targets.

Example:

Let us try to run a test and see what happens when I try to connect to the machine where DataSunrise is installed and DataSunrise is configured to protect a PostgreSQL database. The IP addresses for the test environment:

18.0.14.148 - Database
192.168.1.35 - DataSunrise
192.168.1.109 - Client application
5433 – Proxy port
example

As you can see in the screenshot, when I press on the test connection button on the client machine, the traffic goes from ClientIP to the DataSunriseIP address through port 5433 (line 191). After that DataSunrise starts to resent traffic to the DatabaseIP (line 194). There are also many other lines that prove that the traffic goes to the PostgreSQL server (Protocol Column). For example, line 198 shows that DataSunrise sent traffic to the Database and then line 200 shows that the Database sent its response to DataSunrise using the PGSQL protocol.

This means that the traffic goes directly to the desired DataSunrise machine IP address.

Did this guide help you?

Contact Us