Hi,

I am using Wireshark to try to analyze some MySQL database traffic on a
remote network behind a firewall.  I have used tcpdump to get a file
which I then open in Wireshark for analysis.

I'm using Wireshark 0.99.4 (downloaded and installed yesterday) and
MySQL 5.0.24.

In the request packets from the client, I can drill down to MySQL
Protocol > Command and see, for example, "SELECT * FROM foo".  In the
response packets, however, no data is displayed - I've pasted an example
below.

Is the MySQL protocol ... plugin, I guess ... unfinished?  Did MySQL
change their API in version 5?  I haven't tried installing a 4.x version
locally and sniffing that traffic.  Might I have used some tcpdump flag
that's changing my data enough that Wireshark doesn't understand it?

I have searched all the wireshark docs I can find, and googled
unsuccessfully for "wireshark mysql" and variations.  Any ideas on this,
or suggestions for further research are much appreciated.

Thanks,
Rachel

response packet example:
========================

MySQL Protocol
   Packet Length: 1
   Packet Number: 1
   Payload: unknown/invalid response

MySQL Protocol
   Packet Length: 63
   Packet Number: 2
   Payload: unknown/invalid response

MySQL Protocol
   Packet Length: 73
   Packet Number: 3
   Payload: unknown/invalid response

MySQL Protocol
   Packet Length: 69
   Packet Number: 4
   Payload: unknown/invalid response

...

MySQL Protocol
   Packet Length: 5
   Packet Number: 13
   EOF marker (254)
   Warnings: 0
   Server Status: 0x0002
     .... .... .... ...0 = In transaction: Not set
     .... .... .... ..1. = AUTO_COMMIT: Set
     .... .... .... .0.. = More results: Not set
     .... .... .... 0... = Multi query - more resultsets: Not set
     .... .... ...0 .... = Bad index used: Not set
     .... .... ..0. .... = No index used: Not set
     .... .... .0.. .... = Cursor exists: Not set
     .... .... 0... .... = Last row sebd: Not set
     .... ...0 .... .... = database dropped: Not set
     .... ..0. .... .... = No backslash escapes: Not set



_______________________________________________
Wireshark-users mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-users
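
Added example, not part of the original post or of Wireshark's code: a small Python sketch of the MySQL 4.1+ wire framing (3-byte little-endian length, 1-byte packet number) that labels the packets of a text-protocol result set the way the lengths in the pasted dump suggest (a 1-byte column-count packet, field definitions, then a 5-byte EOF packet). The function names and the sample bytes are constructed for illustration, and it assumes the response is a result set with fewer than 251 columns.

```python
import struct

# Flag names follow the dissector output above, bit 0 first.
STATUS_FLAGS = ["In transaction", "AUTO_COMMIT", "More results",
                "Multi query - more resultsets", "Bad index used",
                "No index used", "Cursor exists", "Last row sent",
                "database dropped", "No backslash escapes"]

def split_packets(stream):
    """Yield (packet_number, payload) for each MySQL packet in a TCP byte stream."""
    pos = 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError("truncated packet header")
        length = int.from_bytes(stream[pos:pos + 3], "little")
        seq = stream[pos + 3]
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) != length:
            raise ValueError("truncated payload (capture snaplen too small?)")
        yield seq, payload
        pos += 4 + length

def parse_eof(payload):
    """Return (warnings, [names of set flags]) for a 4.1+ EOF packet, else None."""
    if len(payload) != 5 or payload[0] != 0xFE:
        return None
    warnings, status = struct.unpack("<HH", payload[1:])
    return warnings, [n for i, n in enumerate(STATUS_FLAGS) if status >> i & 1]

def label_result_set(stream):
    """Label each packet of a text-protocol result set by its position."""
    packets = list(split_packets(stream))
    columns = packets[0][1][0]          # assumption: fewer than 251 columns
    labels = [(packets[0][0], f"column count = {columns}")]
    for i, (seq, payload) in enumerate(packets[1:], start=1):
        eof = parse_eof(payload)
        if eof is not None:
            labels.append((seq, f"EOF warnings={eof[0]} status={eof[1]}"))
        elif i <= columns:
            labels.append((seq, f"field definition ({len(payload)} bytes)"))
        else:
            labels.append((seq, f"row data ({len(payload)} bytes)"))
    return labels

def _pkt(seq, payload):                 # builds one framed packet for the sample
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample (not taken from the capture in the post): 2 columns, 1 row.
SAMPLE = (_pkt(1, b"\x02") + _pkt(2, b"F" * 63) + _pkt(3, b"F" * 73) +
          _pkt(4, b"\xfe\x00\x00\x02\x00") + _pkt(5, b"\x011\x03bar") +
          _pkt(6, b"\xfe\x00\x00\x02\x00"))
```

A `ValueError` from `split_packets` on a real capture usually means the packet bytes were cut short when captured or the TCP stream was not reassembled before parsing.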