Question: This error appeared in the SQL Server Logs today.
Error: 17836, Severity: 20, State: 14. Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: an_ip]
How can I find out what application is attempting to connect ?
Answer: The most common reason for this error are Nessus scanners or similar detection intrusion systems. They usually scan servers looking for vulnerabilities. It’s not obvious from the logs – but you can build a correlation between the timings in the SQL Server Error logs and the Nessus Scanner schedules \ logs
The first clue is the CLIENT details specified in the error log. Use the nslookup command to find the FQDN. It may be obvious from the client name , and you can contact the server owner to find out if there are any applications attempting to connect
Another option is to use a network monitor tool to discover exactly which program \ logon is hitting the server.
For more detailed information about the error message use the Troubleshoot connectivity issues with Connectivity Ring Buffer