Protocol Packet Formats & Wire Specifications
Protocol Packet Formats & Wire Specifications
HeliosDB Multi-Protocol Database Support
Researcher Agent Documentation Date: 2025-10-10
Table of Contents
- PostgreSQL Wire Protocol
- MySQL Protocol v10
- TDS 7.4 (SQL Server)
- DRDA (DB2)
- Oracle TNS/TTC
- HTTP/REST APIs
- Protocol Detection Reference
1. PostgreSQL Wire Protocol
Message Format
All Messages (except Startup):+--------+------------+-----------------+| Type | Length | Payload || 1 byte | 4 bytes | Variable |+--------+------------+-----------------+
Startup Message (first message only):+------------+----------------+-----------------+| Length | Protocol Ver | Parameters || 4 bytes | 4 bytes | Key=Val pairs |+------------+----------------+-----------------+Byte Order
- Big-endian (network byte order) for all multi-byte integers
Message Types (Frontend → Backend)
| Byte | Name | Description |
|---|---|---|
| ’Q’ | Query | Simple query |
| ’P’ | Parse | Parse statement (prep) |
| ‘B’ | Bind | Bind parameters |
| ’E’ | Execute | Execute portal |
| ’D’ | Describe | Describe statement/portal |
| ’C’ | Close | Close statement/portal |
| ’S’ | Sync | Sync point |
| ’F’ | FunctionCall | Function call |
| ’X’ | Terminate | Close connection |
| ’p’ | PasswordMessage | Auth response |
| ’d’ | CopyData | COPY data |
| ’c’ | CopyDone | COPY complete |
| ’f’ | CopyFail | COPY failure |
| ’H’ | Flush | Flush buffered output |
Message Types (Backend → Frontend)
| Byte | Name | Description |
|---|---|---|
| ’R’ | Authentication | Auth request/response |
| ’K’ | BackendKeyData | Cancel key |
| ’T’ | RowDescription | Column metadata |
| ’D’ | DataRow | Row data |
| ’C’ | CommandComplete | Command done |
| ’Z’ | ReadyForQuery | Ready for query |
| ’E’ | ErrorResponse | Error occurred |
| ’N’ | NoticeResponse | Warning/notice |
| ’S’ | ParameterStatus | Runtime parameter |
| ’I’ | EmptyQueryResponse | Empty query |
| ’1’ | ParseComplete | Parse successful |
| ’2’ | BindComplete | Bind successful |
| ’3’ | CloseComplete | Close successful |
| ’n’ | NoData | No data (e.g., DDL) |
| ‘s’ | PortalSuspended | Portal suspended |
| ’t’ | ParameterDescription | Param types |
| ’A’ | NotificationResponse | Async notification |
Startup Message
Offset | Size | Field-------|------|------0 | 4 | Length (includes self)4 | 4 | Protocol version (0x00030000 for 3.0)8 | Var | Parameters (null-terminated key-value pairs) | | - "user\0demo\0" | | - "database\0demo\0" | | - "application_name\0python\0" | | - "client_encoding\0UTF8\0" | 1 | Final null terminator (0x00)Example:
00 00 00 28 (Length: 40 bytes)00 03 00 00 (Protocol: 3.0)75 73 65 72 (user)00 (\0)64 65 6D 6F (demo)00 (\0)64 61 74 61 (data)62 61 73 65 (base)00 (\0)64 65 6D 6F (demo)00 (\0)00 (final \0)Authentication Messages
AuthenticationOk (R message):
Offset | Size | Field-------|------|------0 | 1 | 'R'1 | 4 | Length (8)5 | 4 | Auth type (0 = OK)AuthenticationSASL (R message):
Offset | Size | Field-------|------|------0 | 1 | 'R'1 | 4 | Length5 | 4 | Auth type (10 = SASL)9 | Var | Mechanism list (length-prefixed strings) | | - Int32 length | | - String data (UTF-8) | | - Repeat for each mechanism | 4 | Final length = 0 (list terminator)SASLInitialResponse (p message):
Offset | Size | Field-------|------|------0 | 1 | 'p'1 | 4 | Length5 | Var | Selected mechanism name (length-prefixed string) | 4 | Response length (-1 if no response) | Var | Response data (if length > 0)AuthenticationSASLContinue (R message):
Offset | Size | Field-------|------|------0 | 1 | 'R'1 | 4 | Length5 | 4 | Auth type (11 = SASL Continue)9 | Var | Server challenge data (raw bytes)SASLResponse (p message):
Offset | Size | Field-------|------|------0 | 1 | 'p'1 | 4 | Length5 | Var | Response data (raw bytes)AuthenticationSASLFinal (R message):
Offset | Size | Field-------|------|------0 | 1 | 'R'1 | 4 | Length5 | 4 | Auth type (12 = SASL Final)9 | Var | Server final message (raw bytes)Query Messages
Simple Query (Q):
Offset | Size | Field-------|------|------0 | 1 | 'Q'1 | 4 | Length5 | Var | Query string (null-terminated)Parse (P):
Offset | Size | Field-------|------|------0 | 1 | 'P'1 | 4 | Length5 | Var | Statement name (null-terminated, "" for unnamed) | Var | Query string (null-terminated) | 2 | Number of parameter types | 4*N | Parameter type OIDs (0 = infer)Bind (B):
Offset | Size | Field-------|------|------0 | 1 | 'B'1 | 4 | Length5 | Var | Portal name (null-terminated) | Var | Statement name (null-terminated) | 2 | Number of parameter format codes | 2*N | Format codes (0=text, 1=binary) | 2 | Number of parameter values | 4 | Parameter value length (-1 = NULL) | Var | Parameter value bytes | 2 | Number of result format codes | 2*M | Result format codesExecute (E):
Offset | Size | Field-------|------|------0 | 1 | 'E'1 | 4 | Length5 | Var | Portal name (null-terminated) | 4 | Max rows (0 = unlimited)Response Messages
RowDescription (T):
Offset | Size | Field-------|------|------0 | 1 | 'T'1 | 4 | Length5 | 2 | Number of fields
For each field: | Var | Field name (null-terminated) | 4 | Table OID (0 if not a table column) | 2 | Column attribute number (0 if not a table column) | 4 | Data type OID | 2 | Data type size (-1 = variable) | 4 | Type modifier (-1 = none) | 2 | Format code (0=text, 1=binary)DataRow (D):
Offset | Size | Field-------|------|------0 | 1 | 'D'1 | 4 | Length5 | 2 | Number of column values
For each column: | 4 | Column value length (-1 = NULL) | Var | Column value bytesCommandComplete (C):
Offset | Size | Field-------|------|------0 | 1 | 'C'1 | 4 | Length5 | Var | Command tag (null-terminated) | | Examples: "SELECT 10", "INSERT 0 1", "UPDATE 5"ReadyForQuery (Z):
Offset | Size | Field-------|------|------0 | 1 | 'Z'1 | 4 | Length (5)5 | 1 | Transaction status | | 'I' = Idle (not in transaction) | | 'T' = In transaction block | | 'E' = Failed transaction (rollback only)ErrorResponse (E):
Offset | Size | Field-------|------|------0 | 1 | 'E'1 | 4 | Length5 | Var | Error fields (type byte + null-terminated string)
Field types: 'S' = Severity (ERROR, FATAL, PANIC) 'V' = Severity (non-localized) 'C' = SQLSTATE code (5 chars) 'M' = Message (primary) 'D' = Detail 'H' = Hint 'P' = Position (as string) 'p' = Internal position 'q' = Internal query 'W' = Where (context) 's' = Schema name 't' = Table name 'c' = Column name 'd' = Data type name 'n' = Constraint name 'F' = File (source code) 'L' = Line (source code) 'R' = Routine (source code) 0x00 = TerminatorData Type OIDs (Common)
| OID | Type | Description |
|---|---|---|
| 16 | bool | Boolean |
| 17 | bytea | Binary data |
| 20 | int8 | 64-bit integer |
| 21 | int2 | 16-bit integer |
| 23 | int4 | 32-bit integer |
| 25 | text | Variable-length text |
| 700 | float4 | 32-bit float |
| 701 | float8 | 64-bit float |
| 1043 | varchar | Variable char (limit) |
| 1082 | date | Date |
| 1114 | timestamp | Timestamp (no tz) |
| 1184 | timestamptz | Timestamp with tz |
| 1700 | numeric | Arbitrary precision |
| 2950 | uuid | UUID |
| 3802 | jsonb | Binary JSON |
2. MySQL Protocol v10
Packet Format
All Packets:+---------------+-------------+-----------------+| Payload Len | Sequence ID | Payload || 3 bytes | 1 byte | Variable |+---------------+-------------+-----------------+Byte Order
- Little-endian for multi-byte integers
Payload Length Encoding
- 3 bytes, little-endian
- Maximum: 0xFFFFFF (16,777,215 bytes)
- For larger payloads: split into multiple packets
Sequence ID
- Increments with each packet (0x00, 0x01, 0x02, …)
- Resets to 0x00 at start of new command
HandshakeV10 (Server → Client)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID (0x00)
Payload:4 | 1 | Protocol version (0x0a = 10)5 | Var | Server version (null-terminated string) | 4 | Connection ID | 8 | Auth plugin data part 1 (salt) | 1 | Filler (0x00) | 2 | Capability flags (lower 2 bytes) | 1 | Character set | 2 | Status flags | 2 | Capability flags (upper 2 bytes) | 1 | Auth plugin data length (or 0x00) | 10 | Reserved (0x00) | Var | Auth plugin data part 2 (if auth plugin flag set) | | Length = max(13, auth_plugin_data_len - 8) | Var | Auth plugin name (null-terminated, if CLIENT_PLUGIN_AUTH)Example:
4a 00 00 00 (Length: 74 bytes)00 (Sequence: 0)0a (Protocol: 10)38 2e 30 2e (8.0.35)33 35 0001 00 00 00 (Connection ID: 1)4a 5b 3c 26 (Auth data part 1)21 7e 43 2f00 (Filler)ff ff (Capabilities lower)21 (Character set: utf8mb4_general_ci)02 00 (Status: autocommit)ff c1 (Capabilities upper)15 (Auth data length: 21)00 00 00 00 (Reserved)00 00 00 0000 0071 2b 59 38 (Auth data part 2)3a 56 28 3f69 5f 63 7863 61 63 68 (caching_sha2_password)69 6e 67 5f73 68 61 325f 70 61 7373 77 6f 7264 00HandshakeResponse41 (Client → Server)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID (0x01)
Payload:4 | 4 | Capability flags8 | 4 | Max packet size12 | 1 | Character set13 | 23 | Reserved (0x00)36 | Var | Username (null-terminated) | Var | Auth response (length-encoded or null-terminated) | | If CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA: length-encoded | | If CLIENT_SECURE_CONNECTION: 1-byte length + data | | Else: null-terminated | Var | Database name (null-terminated, if CLIENT_CONNECT_WITH_DB) | Var | Auth plugin name (null-terminated, if CLIENT_PLUGIN_AUTH) | Var | Connection attributes (if CLIENT_CONNECT_ATTRS) | | Length-encoded key-value pairsCapability Flags (4 bytes, little-endian)
| Bit | Flag | Value |
|---|---|---|
| 0 | CLIENT_LONG_PASSWORD | 0x00000001 |
| 1 | CLIENT_FOUND_ROWS | 0x00000002 |
| 2 | CLIENT_LONG_FLAG | 0x00000004 |
| 3 | CLIENT_CONNECT_WITH_DB | 0x00000008 |
| 4 | CLIENT_NO_SCHEMA | 0x00000010 |
| 5 | CLIENT_COMPRESS | 0x00000020 |
| 6 | CLIENT_ODBC | 0x00000040 |
| 7 | CLIENT_LOCAL_FILES | 0x00000080 |
| 8 | CLIENT_IGNORE_SPACE | 0x00000100 |
| 9 | CLIENT_PROTOCOL_41 | 0x00000200 |
| 10 | CLIENT_INTERACTIVE | 0x00000400 |
| 11 | CLIENT_SSL | 0x00000800 |
| 12 | CLIENT_IGNORE_SIGPIPE | 0x00001000 |
| 13 | CLIENT_TRANSACTIONS | 0x00002000 |
| 14 | CLIENT_RESERVED | 0x00004000 |
| 15 | CLIENT_SECURE_CONNECTION | 0x00008000 |
| 16 | CLIENT_MULTI_STATEMENTS | 0x00010000 |
| 17 | CLIENT_MULTI_RESULTS | 0x00020000 |
| 18 | CLIENT_PS_MULTI_RESULTS | 0x00040000 |
| 19 | CLIENT_PLUGIN_AUTH | 0x00080000 |
| 20 | CLIENT_CONNECT_ATTRS | 0x00100000 |
| 21 | CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA | 0x00200000 |
| 22 | CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS | 0x00400000 |
| 23 | CLIENT_SESSION_TRACK | 0x00800000 |
| 24 | CLIENT_DEPRECATE_EOF | 0x01000000 |
| 25 | CLIENT_OPTIONAL_RESULTSET_METADATA | 0x02000000 |
| 26 | CLIENT_ZSTD_COMPRESSION_ALGORITHM | 0x04000000 |
| 27 | CLIENT_QUERY_ATTRIBUTES | 0x08000000 |
OK_Packet (0x00)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | 1 | Header (0x00 or 0xfe with CLIENT_DEPRECATE_EOF)5 | Var | Affected rows (length-encoded integer) | Var | Last insert ID (length-encoded integer) | 2 | Status flags | 2 | Warnings | Var | Info (length-encoded string, if CLIENT_SESSION_TRACK) | | OR human-readable string (rest of packet) | Var | Session state changes (if CLIENT_SESSION_TRACK)ERR_Packet (0xff)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | 1 | Header (0xff)5 | 2 | Error code (little-endian)7 | 1 | SQL state marker ('#')8 | 5 | SQL state (ASCII)13 | Var | Error message (rest of packet, UTF-8)Common Error Codes:
- 1045: Access denied (bad password)
- 1049: Unknown database
- 1146: Table doesn’t exist
- 1054: Unknown column
- 2002: Connection failed
COM_QUERY (0x03)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID (0x00)
Payload:4 | 1 | Command (0x03)5 | Var | Query (rest of packet, no null terminator)COM_STMT_PREPARE (0x16)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID (0x00)
Payload:4 | 1 | Command (0x16)5 | Var | Query (rest of packet, no null terminator)Response (COM_STMT_PREPARE_OK):
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | 1 | Status (0x00)5 | 4 | Statement ID9 | 2 | Number of columns11 | 2 | Number of parameters13 | 1 | Reserved (0x00)14 | 2 | Warning count
Followed by parameter definitions (if num_params > 0)Followed by column definitions (if num_columns > 0)COM_STMT_EXECUTE (0x17)
Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID (0x00)
Payload:4 | 1 | Command (0x17)5 | 4 | Statement ID9 | 1 | Flags (0x00=cursor closed, 0x01=cursor read-only)10 | 4 | Iteration count (always 0x01)14 | Var | NULL bitmap (if num_params > 0) | | (num_params + 7) / 8 bytes | 1 | New params bound flag (0x00 or 0x01) | Var | Parameter types (if new_params_bound = 0x01) | | 2 bytes per parameter (type + unsigned flag) | Var | Parameter values (binary encoding)Result Set Packet
Column Count Packet:Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | Var | Column count (length-encoded integer)
Column Definition Packet (for each column):Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | Var | Catalog (length-encoded string, usually "def") | Var | Schema (length-encoded string) | Var | Table (length-encoded string, virtual table) | Var | Org table (length-encoded string, physical table) | Var | Name (length-encoded string, alias) | Var | Org name (length-encoded string, physical column) | 1 | Length of fixed fields (0x0c) | 2 | Character set | 4 | Column length (max length in characters) | 1 | Column type | 2 | Column flags | 1 | Decimals | 2 | Reserved (0x00) | Var | Default value (if command was COM_FIELD_LIST)
EOF or OK Packet (if CLIENT_DEPRECATE_EOF not set)
Row Data Packets (text protocol):Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | Var | Column 1 (length-encoded string, 0xfb = NULL) | Var | Column 2 (length-encoded string) | ...
Row Data Packets (binary protocol, COM_STMT_EXECUTE):Offset | Size | Field-------|------|------0 | 3 | Payload length3 | 1 | Sequence ID
Payload:4 | 1 | Packet header (0x00)5 | Var | NULL bitmap ((column_count + 7 + 2) / 8 bytes) | Var | Column values (binary encoding, non-NULL only)
Final EOF or OK PacketLength-Encoded Integer
If value < 0xfb: 1 byte value
If first byte = 0xfc: 2 bytes following (little-endian)
If first byte = 0xfd: 3 bytes following (little-endian)
If first byte = 0xfe: 8 bytes following (little-endian)
0xfb = NULL (in some contexts)3. TDS 7.4 (SQL Server)
Packet Format
All Packets:+--------+--------+--------+--------+--------+--------+---------+| Type | Status | Length | SPID | PktID | Window | Payload || 1 byte | 1 byte | 2 bytes| 2 bytes| 1 byte | 1 byte | Variable|+--------+--------+--------+--------+--------+--------+---------+
Total Header: 8 bytesByte Order
- Big-endian for Length field
- Little-endian for SPID and payload data
Packet Types
| Type | Name | Direction | Description |
|---|---|---|---|
| 0x01 | SQL_BATCH | C→S | SQL batch |
| 0x02 | RPC | C→S | Remote procedure call |
| 0x03 | TABULAR_RESULT | S→C | Result set data |
| 0x04 | ATTENTION | C→S | Cancel request |
| 0x06 | BULK_LOAD | C→S | Bulk insert |
| 0x07 | TRANSACTION_MANAGER | C→S | Transaction request |
| 0x0e | LOGIN | C→S | Login (TDS 7.0) |
| 0x10 | LOGIN7 | C→S | Login (TDS 7.1+) |
| 0x11 | SSPI | C→S | SSPI auth |
| 0x12 | PRELOGIN | C→S | Pre-login handshake |
| 0x13 | APPDATA | - | Application data |
| 0x14 | FEDAUTH | C→S | Federated auth |
Status Flags (1 byte)
| Bit | Flag | Description |
|---|---|---|
| 0 | Normal | 0x00 = normal, 0x01 = EOM (end of message) |
| 1 | Ignore | Ignore this packet |
| 2 | Event | Event notification |
| 3 | ResetConnection | Reset connection state |
| 4 | ResetConnectionSkipTran | Reset skip transaction |
Most common: 0x01 (EOM) or 0x00 (more packets follow)
PRELOGIN Packet
Packet Header:Offset | Size | Field-------|------|------0 | 1 | Type (0x12)1 | 1 | Status (0x01 for EOM)2 | 2 | Length (total packet length, big-endian)4 | 2 | SPID (0x0000)6 | 1 | Packet ID (0x01)7 | 1 | Window (0x00)
PRELOGIN Options (token list + data):8 | Var | Option tokens (offset/length pairs)
Each option token: | 1 | Option type | 2 | Offset from start of packet (big-endian) | 2 | Length (big-endian)
| 1 | Terminator (0xff)
| Var | Option data (at specified offsets)Option Types:
- 0x00: VERSION (UL_VERSION 4 bytes + US_SUBBUILD 2 bytes)
- 0x01: ENCRYPTION (1 byte)
- 0x00 = ENCRYPT_OFF
- 0x01 = ENCRYPT_ON
- 0x02 = ENCRYPT_NOT_SUP
- 0x03 = ENCRYPT_REQ
- 0x80 = ENCRYPT_CLIENT_CERT
- 0x02: INSTOPT (instance name, 1 byte validity + string)
- 0x03: THREADID (4 bytes)
- 0x04: MARS (1 byte, 0x00=off, 0x01=on)
- 0x05: TRACEID (GUID_CONNID 16 bytes + GUID_ActivityID 16 bytes + ActivitySequence 4 bytes)
- 0x06: FEDAUTHREQUIRED (1 byte, 0x00=no, 0x01=yes)
- 0x07: NONCEOPT (nonce, 32 bytes)
Example (simplified):
12 (Type: PRELOGIN)01 (Status: EOM)00 34 (Length: 52 bytes)00 00 (SPID: 0)01 (Packet ID: 1)00 (Window: 0)
00 00 08 00 06 (VERSION at offset 0x08, length 6)01 00 0e 00 01 (ENCRYPTION at offset 0x0e, length 1)03 00 0f 00 04 (THREADID at offset 0x0f, length 4)04 00 13 00 01 (MARS at offset 0x13, length 1)ff (Terminator)
[Data at offsets:]0f 00 00 00 (VERSION: 15.0.0.0)00 0001 (ENCRYPTION: ON)00 00 12 34 (THREADID: 0x1234)00 (MARS: off)LOGIN7 Packet
Packet Header:Offset | Size | Field-------|------|------0 | 1 | Type (0x10)1 | 1 | Status (0x01)2 | 2 | Length4 | 2 | SPID (0x0000)6 | 1 | Packet ID7 | 1 | Window (0x00)
LOGIN7 Structure:8 | 4 | Total length (little-endian)12 | 4 | TDS version (0x74000004 for TDS 7.4)16 | 4 | Packet size (4096, 8192, etc.)20 | 4 | Client version24 | 4 | Client PID28 | 4 | Connection ID (0x00000000)32 | 1 | OptionFlags133 | 1 | OptionFlags234 | 1 | TypeFlags35 | 1 | OptionFlags336 | 4 | ClientTimeZone (minutes from UTC)40 | 4 | ClientLCID
44+ | Var | Offset/Length pairs (2+2 bytes each): | | - HostName (offset, length in chars) | | - UserName | | - Password (obfuscated) | | - AppName | | - ServerName | | - Extension | | - CltIntName | | - Language | | - Database | | - ClientID (6 bytes) | | - SSPI (offset, length) | | - AtchDBFile | | - ChangePassword | | - SSPILong (4 bytes length)
| Var | String data (UTF-16LE, password obfuscated)OptionFlags1:
- Bit 0: Byte order (0=little, 1=big)
- Bit 1-2: Char (0=ASCII, 1=EBCDIC)
- Bit 3-4: Float (0=IEEE754, …)
- Bit 5: Dump/load
- Bit 6: Use DB warn
- Bit 7: Init DB fatal
OptionFlags2:
- Bit 0: Init lang warn
- Bit 1: ODBC driver
- Bit 2: Transaction boundary
- Bit 3: Cache connect
- Bit 4-5: User type (0=normal, 1=server, 2=remuser, 3=sqlrepl)
- Bit 7: Integrated security
TypeFlags:
- Bit 0-1: SQL type (0=DFLT, 1=TSQL)
- Bit 4: OLEDB
- Bit 5: Read-only intent
OptionFlags3:
- Bit 0: Change password
- Bit 1: Send Yukon binary XML
- Bit 2: User instance
- Bit 3: Unknown collation handling
- Bit 4: Extension present
Password Obfuscation:
For each byte in password (UTF-16LE): 1. XOR with 0xA5 2. Swap nibbles: byte = ((byte & 0x0F) << 4) | ((byte & 0xF0) >> 4)Token Stream (TABULAR_RESULT)
LOGINACK Token (0xAD):
Offset | Size | Field-------|------|------0 | 1 | Token type (0xad)1 | 2 | Token length (little-endian)3 | 1 | Interface (0x00=SQL_DFLT, 0x01=SQL_TSQL)4 | 4 | TDS version (little-endian)8 | 1 | Program name length9 | Var | Program name (UTF-16LE) | 1 | Major version | 1 | Minor version | 1 | Build number high | 1 | Build number lowENVCHANGE Token (0xE3):
Offset | Size | Field-------|------|------0 | 1 | Token type (0xe3)1 | 2 | Token length (little-endian)3 | 1 | Type | | 0x01 = Database | | 0x02 = Language | | 0x03 = Character set | | 0x04 = Packet size | | 0x07 = Collation | | 0x0d = Begin transaction | | 0x0e = Commit | | 0x0f = Rollback4 | 1 | New value length (B_VARCHAR)5 | Var | New value (UTF-16LE) | 1 | Old value length | Var | Old value (UTF-16LE)ERROR Token (0xAA):
Offset | Size | Field-------|------|------0 | 1 | Token type (0xaa)1 | 2 | Token length (little-endian)3 | 4 | Error number (little-endian)7 | 1 | State8 | 1 | Class (severity)9 | 2 | Message text length (little-endian)11 | Var | Message text (UTF-16LE) | 1 | Server name length | Var | Server name (UTF-16LE) | 1 | Proc name length | Var | Proc name (UTF-16LE) | 4 | Line number (little-endian)DONE Token (0xFD):
Offset | Size | Field-------|------|------0 | 1 | Token type (0xfd)1 | 2 | Status (little-endian) | | 0x0000 = DONE_FINAL | | 0x0001 = DONE_MORE | | 0x0002 = DONE_ERROR | | 0x0010 = DONE_COUNT3 | 2 | CurCmd (little-endian, 0x0000 for login)5 | 8 | DoneRowCount (little-endian)COLMETADATA Token (0x81):
Offset | Size | Field-------|------|------0 | 1 | Token type (0x81)1 | 2 | Column count (little-endian, 0xffff = no metadata)
For each column (if count > 0): | 4 | User type (little-endian) | 2 | Flags (little-endian) | Var | Type info (type-dependent) | 1 | Column name length | Var | Column name (UTF-16LE)ROW Token (0xD1):
Offset | Size | Field-------|------|------0 | 1 | Token type (0xd1)1 | Var | Column data (based on COLMETADATA)4. DRDA (DB2)
DDM Packet Format
All DDM Packets:+--------+--------+--------+-----------------+| Length | Magic | Format | Code Point || 2 bytes| 1 byte | 1 byte | 2 bytes |+--------+--------+--------+-----------------+ | Optional Data (Variable) | +-----------------------------------+
Total Header: 6 bytes minimumByte Order
- Big-endian for all multi-byte integers
Magic Byte
- 0xD0 (fixed value for all DDM packets)
Format Byte
- 0x01: RPYDSS (Reply Data Stream Structure)
- 0x02: OBJDSS (Object Data Stream Structure)
- 0x03: RQSDSS (Request Data Stream Structure)
- 0x04: NMRQSDSS (Chained Request)
- 0x05: NMRPYDSS (Chained Reply)
Code Points (Major)
| Code | Name | Type | Description |
|---|---|---|---|
| 0x1041 | EXCSAT | Request | Exchange server attributes |
| 0x1443 | EXCSATRD | Reply | EXCSAT reply data |
| 0x106D | ACCSEC | Request | Access security |
| 0x14AC | ACCSECRD | Reply | ACCSEC reply data |
| 0x106E | SECCHK | Request | Security check (auth) |
| 0x1219 | SECCHKRD | Reply | SECCHK reply data |
| 0x1121 | SECCHKRM | Reply | SECCHK reply message (error) |
| 0x2001 | ACCRDB | Request | Access RDB |
| 0x2201 | ACCRDBRM | Reply | ACCRDB reply message |
| 0x2002 | CLSQRY | Request | Close query |
| 0x200C | CNTQRY | Request | Continue query |
| 0x200D | OPNQRY | Request | Open query |
| 0x200E | PRPSQLSTT | Request | Prepare SQL statement |
| 0x2408 | SQLCARD | Reply | SQL communications area |
| 0x2414 | SQLDARD | Reply | SQL descriptor area |
DDM Object Structure
Nested Object Format:+--------+--------+--------+-----------------+-----------------+| Length | Magic | Format | Code Point | Data || 2 bytes| 1 byte | 1 byte | 2 bytes | Variable |+--------+--------+--------+-----------------+-----------------+EXCSAT Packet
Offset | Size | Field-------|------|------0 | 2 | Length (e.g., 0x002A = 42 bytes)2 | 1 | Magic (0xD0)3 | 1 | Format (0x03 = RQSDSS)4 | 2 | Code Point (0x1041 = EXCSAT)
Objects:6 | Var | EXTNAM (0x115E): External name | | - Length (2 bytes) | | - Magic (0xD0) | | - Format (0x02 = OBJDSS) | | - Code Point (0x115E) | | - Data: 20-byte app ID + 8-byte process/thread ID
| Var | SRVCLSNM (0x1147): Server class name [optional] | | - Length | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x1147) | | - Data: "SQLDB2 " (EBCDIC or ASCII)
| Var | SRVNAM (0x116D): Server name [optional] | Var | SRVRLSLV (0x115A): Server release level [optional]Example (hex):
00 2a (Length: 42)d0 (Magic)03 (Format: Request)10 41 (Code Point: EXCSAT)
00 1c (EXTNAM length: 28)d0 (Magic)02 (Format: Object)11 5e (Code Point: EXTNAM)50 59 54 48 (PYTHON_APP_V1.0 )4f 4e 5f 4150 50 5f 5631 2e 30 2020 20 20 2000 00 12 34 (Process ID: 0x1234)00 00 56 78 (Thread ID: 0x5678)EXCSATRD Reply
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x01 = RPYDSS)4 | 2 | Code Point (0x1443 = EXCSATRD)
Objects:6 | Var | SRVCLSNM (0x1147) | Var | SRVNAM (0x116D) | Var | SRVRLSLV (0x115A) | Var | EXTNAM (0x115E) [optional]ACCSEC Packet
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x03 = RQSDSS)4 | 2 | Code Point (0x106D = ACCSEC)
Objects:6 | Var | SECMEC (0x11A4): Security mechanism | | - Length (0x0008) | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x11A4) | | - Data: 2-byte mechanism code | | * 0x0003 = USRIDPWD | | * 0x0004 = USRIDONL | | * 0x0007 = USRENCPWD | | * 0x0009 = EUSRIDPWD | | * 0x000B = DCE (Kerberos)
| Var | RDBNAM (0x2110): Database name [optional] | | - Length (0x0018) | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x2110) | | - Data: 18-byte database name (space-padded)
| Var | SECTKN (0x11DC): Security token [optional]ACCSECRD Reply
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x01 = RPYDSS)4 | 2 | Code Point (0x14AC = ACCSECRD)
Objects:6 | Var | SECMEC (0x11A4): Selected mechanism (echoed) | Var | SECTKN (0x11DC): Server security token [if needed]SECCHK Packet (USRIDPWD)
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x03 = RQSDSS)4 | 2 | Code Point (0x106E = SECCHK)
Objects:6 | Var | USRID (0x11A0): User ID | | - Length | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x11A0) | | - Data: User ID string (EBCDIC or ASCII) | | Example: "DEMO " (8 bytes, space-padded)
| Var | PASSWORD (0x11A1): Password | | - Length | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x11A1) | | - Data: Password string (EBCDIC or ASCII) | | Example: "DEMOPASS"SECCHKRD Reply (Success)
Offset | Size | Field-------|------|------0 | 2 | Length (0x0006)2 | 1 | Magic (0xD0)3 | 1 | Format (0x01 = RPYDSS)4 | 2 | Code Point (0x1219 = SECCHKRD)
(No additional data for successful auth)ACCRDB Packet
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x03 = RQSDSS)4 | 2 | Code Point (0x2001 = ACCRDB)
Objects:6 | Var | RDBNAM (0x2110): Database name (18 bytes) | Var | RDBACCCL (0x210F): RDB access class | | - Length (0x0008) | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x210F) | | - Data: 2-byte access class | | * 0x2407 = SQLAM | | * 0x2408 = RDA
| Var | PRDID (0x112E): Product ID | | - Length | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x112E) | | - Data: Product ID string (e.g., "JCC04210")
| Var | TYPDEFNAM (0x002F): Type definition name | | - Length | | - Magic (0xD0) | | - Format (0x02) | | - Code Point (0x002F) | | - Data: Type def string | | * "QTDSQLASC" = ASCII | | * "QTDSQLX" = Mixed | | * "QTDSQLJVM" = Java/UTF-8ACCRDBRM Reply (Success)
Offset | Size | Field-------|------|------0 | 2 | Length2 | 1 | Magic (0xD0)3 | 1 | Format (0x01 = RPYDSS)4 | 2 | Code Point (0x2201 = ACCRDBRM)
Objects:6 | Var | PRDID (0x112E): Server product ID | Var | SRVCLSNM (0x1147): Server class | Var | TYPDEFNAM (0x002F): Agreed type definition | Var | CRRTKN (0x2135): Correlation token [optional]Character Encoding
EBCDIC Code Pages:
- CP037 (US/Canada)
- CP500 (International)
- CP273 (Germany)
ASCII/UTF-8 (when TYPDEFNAM = QTDSQLASC or QTDSQLJVM):
- Negotiate early to avoid EBCDIC conversion
String Encoding:
# EBCDICstring_bytes = "DEMO ".encode('cp037')
# ASCIIstring_bytes = "DEMO ".encode('ascii')
# UTF-8string_bytes = "DEMO ".encode('utf-8')5. Oracle TNS/TTC
TNS Packet Format
All TNS Packets:+--------+----------+--------+----------+----------+---------+| Length | Checksum | Type | Reserved | HdrCheck | Payload || 2 bytes| 2 bytes | 1 byte | 1 byte | 2 bytes | Variable|+--------+----------+--------+----------+----------+---------+
Total Header: 8 bytesByte Order
- Big-endian for all multi-byte integers
TNS Packet Types
| Type | Name | Description |
|---|---|---|
| 0x01 | CONNECT | Connection request |
| 0x02 | ACCEPT | Connection accepted |
| 0x03 | ACK | Acknowledgment |
| 0x04 | REFUSE | Connection refused |
| 0x05 | REDIRECT | Redirect to another address |
| 0x06 | DATA | Data packet |
| 0x07 | NULL | Null packet |
| 0x09 | ABORT | Abort connection |
| 0x0B | RESEND | Resend request |
| 0x0C | MARKER | Marker |
| 0x0D | ATTENTION | Attention |
| 0x0E | CONTROL | Control |
CONNECT Packet
TNS Header:Offset | Size | Field-------|------|------0 | 2 | Length (total packet length, big-endian)2 | 2 | Checksum (typically 0x0000)4 | 1 | Type (0x01 = CONNECT)5 | 1 | Reserved (0x00)6 | 2 | Header Checksum (typically 0x0000)
CONNECT Data:8 | 2 | Version (0x0138 = 312 for Oracle 11g/12c)10 | 2 | Version Compatible (0x012C = 300)12 | 2 | Service Options (flags) | | 0x0001 = Broken Connect Notify | | 0x0040 = Packet Checksum | | 0x0200 = Header Checksum | | 0x0400 = Full Duplex | | 0x0800 = Half Duplex14 | 2 | Session Data Unit (max SDU size, e.g., 0x2000 = 8192)16 | 2 | Max Transmission Unit (max TDU size, e.g., 0x7FFF = 32767)18 | 2 | NT Protocol Characteristics (0x4E54 = "NT")20 | 2 | Line Turnaround (0x0000)22 | 2 | Value of 1 (0x0001 = byte order test)24 | 2 | Data Length (length of connect data)26 | 2 | Data Offset (offset from start of packet)28 | 4 | Max Receivable Connect Data (0x00000000)32 | 1 | Connect Flags 0 (0x41)33 | 1 | Connect Flags 1 (0x41)34 | Var | Trace Cross Facility Items (optional) | Var | Connect Data (at specified offset) | | "(DESCRIPTION=...)" stringConnect Data Format (ASCII):
(DESCRIPTION= (CONNECT_DATA= (SERVICE_NAME=DEMO) (CID= (PROGRAM=python) (HOST=client) (USER=demo) ) ) (ADDRESS= (PROTOCOL=TCP) (HOST=server) (PORT=1521) ))Example Hex:
00 f4 (Length: 244)00 00 (Checksum: disabled)01 (Type: CONNECT)00 (Reserved)00 00 (Header checksum: disabled)01 38 (Version: 312)01 2c (Version compatible: 300)0c 41 (Service options)20 00 (SDU: 8192)7f ff (TDU: 32767)4e 54 (NT characteristics)00 00 (Line turnaround)00 01 (Value of 1)00 a0 (Data length: 160)00 3a (Data offset: 58)00 00 00 00 (Max connect data)41 (Flags 0)41 (Flags 1)...(DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=DEMO)...))ACCEPT Packet
TNS Header:Offset | Size | Field-------|------|------0 | 2 | Length2 | 2 | Checksum (0x0000)4 | 1 | Type (0x02 = ACCEPT)5 | 1 | Reserved (0x00)6 | 2 | Header Checksum (0x0000)
ACCEPT Data:8 | 2 | Version (0x0138)10 | 2 | Service Options (negotiated)12 | 2 | Session Data Unit (agreed SDU)14 | 2 | Max Transmission Unit (agreed TDU)16 | 2 | Value of 1 (0x0001)18 | 2 | Data Length (typically 0x0000)20 | 2 | Data Offset22 | 1 | Connect Flags (optional) | Var | Accept Data (optional, typically empty)DATA Packet
TNS Header:Offset | Size | Field-------|------|------0 | 2 | Length2 | 2 | Checksum (0x0000)4 | 1 | Type (0x06 = DATA)5 | 1 | Reserved (0x00)6 | 2 | Header Checksum (0x0000)
DATA Payload:8 | 2 | Data Flags10 | 1 | Data Type | | 0x01 = Protocol Negotiation | | 0x02 = Data Type Negotiation | | 0x03 = TTI Function Call11 | Var | Data (type-dependent)Protocol Negotiation (Data Type 0x01):
Client → Server: Data Type: 0x01 Payload: [0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00] (supported protocol versions)
Server → Client: Data Type: 0x01 Payload: - Selected Version: 0x06 - Character Set: "AL32UTF8\0" - National Character Set: "AL16UTF16\0"Data Type Negotiation (Data Type 0x02):
Client → Server: Data Type: 0x02 Payload: - Endianness: 0x01 (little-endian) or 0x00 (big-endian) - Character Set Form: 0x01 (explicit) - Conversion: 0x00 - ... (other data representations)
Server → Client: Data Type: 0x02 Payload: (acknowledgment)TTI Function Call (Data Type 0x03):
Offset | Size | Field-------|------|------0 | 1 | TTI Opcode | | 0x03 = OSQL (SQL execution) | | 0x05 = OALL7/OALL8 (bundled execution) | | 0x11 = OAUTH (authentication) | | 0x68 = O3LOGON (3-phase logon) | | 0x76 = O3LOGON (modern variant)1 | Var | Function-specific dataO3LOGON (TTI Opcode 0x76)
Phase 1 (Client → Server):
Data Type: 0x03 (TTI)TTI Opcode: 0x76Payload (key-value pairs): - AUTH_TERMINAL: Client hostname - AUTH_PROGRAM_NM: "python\0" - AUTH_MACHINE: Client machine name - AUTH_PID: Process ID (string) - AUTH_SID: User name (string) - AUTH_LOGON_USER: OS user - AUTH_ALTER_SESSION: SQL session settings - AUTH_DRIVER_NAME: "python-oracledb : 2.1.0" - SERVICE_NAME: "DEMO" - AUTH_VERSION: Client versionChallenge (Server → Client):
Data Type: 0x03 (TTI)TTI Opcode: 0x76Payload: - AUTH_SESSKEY: 64-byte session key (hex string) - AUTH_VFR_DATA: Server version, features - AUTH_SVR_DN: Server distinguished name [optional] - AUTH_SALT: Salt for password hashing [optional]Phase 2 (Client → Server):
Data Type: 0x03 (TTI)TTI Opcode: 0x76Payload: - AUTH_PASSWORD: Hashed password - AUTH_SESSKEY: Session key from server (echoed) - AUTH_RTT: Round-trip timeResult (Server → Client):
Data Type: 0x03 (TTI)TTI Opcode: 0x76Payload (success): - AUTH_STATUS: 0x00 - AUTH_SESSION_ID: Server session ID - AUTH_SERIAL_NUM: Session serial number
Payload (error): - ORA-01017: invalid username/password; logon deniedREFUSE Packet
TNS Header:Offset | Size | Field-------|------|------0 | 2 | Length2 | 2 | Checksum (0x0000)4 | 1 | Type (0x04 = REFUSE)5 | 1 | Reserved (0x00)6 | 2 | Header Checksum (0x0000)
REFUSE Data:8 | 2 | Refuse Reason Code | | 0x0001 = Unknown service name | | 0x0002 = Listener not running | | 0x0003 = Connection refused10 | 2 | Data Length12 | Var | Refuse Data (error message, ASCII)6. HTTP/REST APIs
General HTTP Structure
Request:<Method> <Path> HTTP/1.1\r\nHost: <hostname>\r\nAuthorization: <auth>\r\nContent-Type: application/json\r\nContent-Length: <length>\r\n\r\n<JSON body>
Response:HTTP/1.1 <status_code> <reason>\r\nContent-Type: application/json\r\nContent-Length: <length>\r\n\r\n<JSON body>Snowflake SQL API
Endpoint: POST /api/v2/statements
Request Headers:
Authorization: Bearer <jwt_token>Content-Type: application/jsonAccept: application/jsonX-Snowflake-Authorization-Token-Type: KEYPAIR_JWTUser-Agent: HeliosDB/1.0Request Body:
{ "statement": "SELECT * FROM table WHERE id = ?", "timeout": 60, "database": "demo", "schema": "public", "warehouse": "compute_wh", "role": "accountadmin", "bindings": { "1": { "type": "FIXED", "value": "123" } }, "parameters": { "MULTI_STATEMENT_COUNT": "0" }}Response Body (success):
{ "statementHandle": "uuid", "statementStatusUrl": "/api/v2/statements/uuid", "resultSetMetaData": { "numRows": 10, "rowType": [ { "name": "ID", "type": "FIXED", "nullable": false } ] }, "data": [["1"], ["2"]], "code": "090001", "message": "Statement executed successfully."}Databricks SQL API
Endpoint: POST /api/2.0/sql/statements
Request Headers:
Authorization: Bearer <databricks_pat>Content-Type: application/jsonRequest Body:
{ "warehouse_id": "abc123", "statement": "SELECT * FROM table WHERE id = :id", "parameters": [ { "name": "id", "value": "123", "type": "STRING" } ], "catalog": "main", "schema": "default", "disposition": "INLINE", "format": "JSON_ARRAY", "wait_timeout": "30s"}Response Body:
{ "statement_id": "uuid", "status": { "state": "SUCCEEDED" }, "manifest": { "schema": { "columns": [ { "name": "id", "type_name": "INT", "position": 0 } ] }, "total_row_count": 100 }, "result": { "data_array": [[123], [124]] }}Pinecone API
Endpoint: POST /vectors/upsert
Request Headers:
Api-Key: <pinecone_api_key>Content-Type: application/jsonRequest Body:
{ "vectors": [ { "id": "vec1", "values": [0.1, 0.2, 0.3], "metadata": { "category": "books" } } ], "namespace": "default"}Response Body:
{ "upsertedCount": 1}Query Endpoint: POST /query
Request Body:
{ "vector": [0.1, 0.2, 0.3], "topK": 10, "namespace": "default", "filter": { "category": {"$eq": "books"} }, "includeValues": true, "includeMetadata": true}7. Protocol Detection Reference
Magic Bytes Summary
PostgreSQL Startup: 00 00 00 XX [Length, big-endian] 00 03 00 00 [Protocol 3.0] or 00 02 00 00 [Protocol 2.0] Detection: Check length > 8, protocol == 0x00030000
MySQL HandshakeV10 (server sends first): XX XX XX 00 [Length (3 bytes) + Sequence 0] 0a [Protocol version 10] Detection: Server-initiated, first byte after seq == 0x0a
TDS PRELOGIN: 12 [Type: PRELOGIN] 01 [Status: EOM] XX XX [Length, big-endian] Detection: First byte == 0x12
DRDA EXCSAT: XX XX [Length, big-endian] d0 [Magic byte] 01/03 [Format: Reply/Request] 10 41 [Code Point: EXCSAT] Detection: Byte 2 == 0xD0, code point == 0x1041
Oracle TNS CONNECT: XX XX [Length, big-endian] 00 00 [Checksum] 01 [Type: CONNECT] 00 [Reserved] Detection: Byte 4 == 0x01, length matches
HTTP: 47 45 54 20 [GET ] 50 4f 53 54 [POST] Detection: Starts with "GET ", "POST ", "PUT ", etc.
TLS ClientHello: 16 [Content Type: Handshake] 03 01/03 03 [Version: TLS 1.0-1.2] XX XX [Length] 01 [Handshake Type: ClientHello] Detection: First byte == 0x16, check ALPN extensionTLS ALPN Identifiers
| Protocol | ALPN Identifier | IANA Registered |
|---|---|---|
| PostgreSQL | ”postgresql” | Yes |
| MySQL | (none) | No |
| HTTP/1.1 | ”http/1.1” | Yes |
| HTTP/2 | ”h2” | Yes |
| TDS | (none) | No |
| DRDA | (none) | No |
| Oracle | (none) | No |
Detection Algorithm Pseudocode
def detect_protocol(socket): peek = socket.peek(16)
# TLS detection if peek[0] == 0x16: # TLS Handshake tls_socket = wrap_tls(socket) alpn = tls_socket.selected_alpn_protocol() if alpn == "postgresql": return PostgreSQLHandler(tls_socket) elif alpn in ["h2", "http/1.1"]: return HTTPHandler(tls_socket) # Continue detection after TLS peek = tls_socket.peek(16)
# PostgreSQL: Length + Protocol version if len(peek) >= 8: length = struct.unpack("!I", peek[0:4])[0] protocol = struct.unpack("!I", peek[4:8])[0] if protocol in [0x00030000, 0x00020000]: return PostgreSQLHandler(socket)
# TDS: Type byte 0x12 if peek[0] == 0x12: return TDSHandler(socket)
# DRDA: Magic byte 0xD0 if len(peek) >= 6 and peek[2] == 0xD0: code_point = struct.unpack("!H", peek[4:6])[0] if code_point == 0x1041: # EXCSAT return DRDAHandler(socket)
# Oracle TNS: Type 0x01 (CONNECT) if len(peek) >= 8 and peek[4] == 0x01: length = struct.unpack("!H", peek[0:2])[0] if length > 8: # Valid TNS packet return OracleTNSHandler(socket)
# HTTP: Plain text if peek.startswith(b"GET ") or peek.startswith(b"POST "): return HTTPHandler(socket)
# MySQL: Server sends HandshakeV10 first return MySQLHandler(socket) # DefaultAppendix: Data Type Encodings
PostgreSQL Data Types (Text Format)
| Type | Text Representation | Example |
|---|---|---|
| int4 | Decimal string | ”42” |
| text | UTF-8 string | ”hello” |
| bool | ”t” or “f" | "t” |
| timestamp | ISO 8601 | ”2025-10-10 12:00:00” |
| bytea | Hex (\x…) | ”\x48656c6c6f” |
MySQL Data Types (Binary Protocol)
| Type | Binary Encoding | Notes |
|---|---|---|
| TINY (1 byte) | 1 byte | Signed/unsigned |
| SHORT (2 bytes) | 2 bytes LE | Signed/unsigned |
| LONG (4 bytes) | 4 bytes LE | Signed/unsigned |
| LONGLONG (8 bytes) | 8 bytes LE | Signed/unsigned |
| FLOAT (4 bytes) | IEEE 754 LE | |
| DOUBLE (8 bytes) | IEEE 754 LE | |
| STRING | Length-encoded | |
| DATETIME | 7-11 bytes | Year(2) + month(1) + day(1) + hour(1) + minute(1) + second(1) + microsecond(4) |
TDS Data Types
| Type | Type Code | Notes |
|---|---|---|
| INT1 | 0x30 | 1-byte int |
| INT2 | 0x34 | 2-byte int |
| INT4 | 0x38 | 4-byte int |
| INT8 | 0x7F | 8-byte int |
| NVARCHAR | 0xE7 | UTF-16LE, length-prefixed |
| DATETIME | 0x3D | 8 bytes (days since 1900-01-01 + time) |
| BINARY | 0xAD | Length-prefixed binary |
Document Status: Complete Coverage: All major protocols with packet-level detail Next Steps: Use as reference for protocol handler implementation