SQLPing

Since SQL server supports multiple instances, the server must communicate with the client the instance information and detail. It operates on the UDP port 1434 and generally known as instance mapper. A sample output from SQLping 1.3 looks like this:C:\SQLTOOLS>SQLPING 192.168.2.255SQLPinging...Response from 192.168.2.202-----------------------------ServerName : SNOOPYSQL1InstanceName : MSSQLSERVERIsClustered : NoVersion : 8.00.194np : \\SNOOPYSQL1\pipe\sql\querytcp : 1433True Version : 8.0.766rpc : SNOOPYSQL1SQLPing Complete.As you can see, SQLPing revealed some interesting information:
SQL Server name
Instance name (the default instance is MSSQLSERVER)
Cluster information and status
Version or the base version
Netlib supporting detail such as Name Pipe, TCP port, RPC name,etc)
Patched Version Looking at the based version and patched version number, you can tell whether the administrator keep the SQL Server patching up to date or not. Many security vulnerabilities are well known for unpatched system without hotfixes and service packs. Another item of interest is the whether clustering technology employed in this server. Clustered technology is generally used to provide high availability and for mission critical system. In this particular example, we see that TCP/IP, Name Pipe and Multiprotocol network libraries are used here. This information could be used to create a disaster if it falls in the hands of skillful hacker.