HI,
>From the sourcecode:
* MySQL 4.1+ protocol
So it looks like the protocol changed.
Thanx,
Jaap
On Tue, 14 Nov 2006, Rachel McConnell wrote:
> Hi,
>
> I am using Wireshark to try to analyze some MySQL database traffic on a
> remote network behind a firewall. I have used tcpdump to get a file
> which I then open in Wireshark for analysis.
>
> I'm using Wireshark 0.99.4 (downloaded and installed yesterday) and
> MySQL 5.0.24.
>
> In the request packets from the client, I can drill down to MySQL
> Protocol > Command and see, for example, "SELECT * FROM foo". In the
> response packets, however, no data is displayed - I've pasted an example
> below.
>
> Is the MySQL protocol ... plugin, I guess ... unfinished? Did MySQL
> change their API in version 5? I haven't tried installing a 4.x version
> locally and sniffing that traffic. Might I have used some tcpdump flag
> that's changing my data enough that Wireshark doesn't understand it?
>
> I have searched all the wireshark docs I can find, and googled
> unsuccessfully for "wireshark mysql" and variations. Any ideas on this,
> or suggestions for further research are much appreciated.
>
> Thanks,
> Rachel
>
> response packet example:
> ========================
>
> MySQL Protocol
> Packet Length: 1
> Packet Number: 1
> Payload: unknown/invalid response
>
> MySQL Protocol
> Packet Length: 63
> Packet Number: 2
> Payload: unknown/invalid response
>
> MySQL Protocol
> Packet Length: 73
> Packet Number: 3
> Payload: unknown/invalid response
>
> MySQL Protocol
> Packet Length: 69
> Packet Number: 4
> Payload: unknown/invalid response
>
> ...
>
> MySQL Protocol
> Packet Length: 5
> Packet Number: 13
> EOF marker (254)
> Warnings: 0
> Server Status: 0x0002
> .... .... .... ...0 = In transaction: Not set
> .... .... .... ..1. = AUTO_COMMIT: Set
> .... .... .... .0.. = More results: Not set
> .... .... .... 0... = Multi query - more resultsets: Not set
> .... .... ...0 .... = Bad index used: Not set
> .... .... ..0. .... = No index used: Not set
> .... .... .0.. .... = Cursor exists: Not set
> .... .... 0... .... = Last row sebd: Not set
> .... ...0 .... .... = database dropped: Not set
> .... ..0. .... .... = No backslash escapes: Not set
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>