Hi,

From the sourcecode:
 * MySQL 4.1+ protocol

So it looks like the protocol changed.

Thanx,
Jaap

On Tue, 14 Nov 2006, Rachel McConnell wrote:

> Hi,
>
> I am using Wireshark to try to analyze some MySQL database traffic on a
> remote network behind a firewall. I have used tcpdump to get a file
> which I then open in Wireshark for analysis.
>
> I'm using Wireshark 0.99.4 (downloaded and installed yesterday) and
> MySQL 5.0.24.
>
> In the request packets from the client, I can drill down to MySQL
> Protocol > Command and see, for example, "SELECT * FROM foo". In the
> response packets, however, no data is displayed - I've pasted an example
> below.
>
> Is the MySQL protocol ... plugin, I guess ... unfinished? Did MySQL
> change their API in version 5? I haven't tried installing a 4.x version
> locally and sniffing that traffic. Might I have used some tcpdump flag
> that's changing my data enough that Wireshark doesn't understand it?
>
> I have searched all the wireshark docs I can find, and googled
> unsuccessfully for "wireshark mysql" and variations. Any ideas on this,
> or suggestions for further research are much appreciated.
>
> Thanks,
> Rachel
>
> response packet example:
> ========================
>
> MySQL Protocol
>     Packet Length: 1
>     Packet Number: 1
>     Payload: unknown/invalid response
>
> MySQL Protocol
>     Packet Length: 63
>     Packet Number: 2
>     Payload: unknown/invalid response
>
> MySQL Protocol
>     Packet Length: 73
>     Packet Number: 3
>     Payload: unknown/invalid response
>
> MySQL Protocol
>     Packet Length: 69
>     Packet Number: 4
>     Payload: unknown/invalid response
>
> ...
>
> MySQL Protocol
>     Packet Length: 5
>     Packet Number: 13
>     EOF marker (254)
>     Warnings: 0
>     Server Status: 0x0002
>         .... .... .... ...0 = In transaction: Not set
>         .... .... .... ..1. = AUTO_COMMIT: Set
>         .... .... .... .0.. = More results: Not set
>         .... .... .... 0... = Multi query - more resultsets: Not set
>         .... .... ...0 .... = Bad index used: Not set
>         .... .... ..0. .... = No index used: Not set
>         .... .... .0.. .... = Cursor exists: Not set
>         .... .... 0... .... = Last row sebd: Not set
>         .... ...0 .... .... = database dropped: Not set
>         .... ..0. .... .... = No backslash escapes: Not set
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-users
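
Added example, not part of the original thread and not Wireshark's dissector code: a small Python parser for the framing visible in the quoted dissection (packet length, packet number, and the 5-byte EOF packet carrying warnings and server status). The function names and the sample byte stream are constructed for illustration; the status bit labels follow the quoted output.

```python
import struct

# Labels for bits 0..9 of "Server Status", in the order shown in the quoted dissection.
STATUS_BITS = [
    "In transaction", "AUTO_COMMIT", "More results",
    "Multi query - more resultsets", "Bad index used", "No index used",
    "Cursor exists", "Last row sent", "database dropped",
    "No backslash escapes",
]

def frame(number, payload):
    """Build one packet: 3-byte little-endian length, 1-byte number, payload."""
    return len(payload).to_bytes(3, "little") + bytes([number]) + payload

def split_packets(stream):
    """Yield (length, number, payload) for each packet in a reassembled stream."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        number = stream[pos + 3]
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            raise ValueError("truncated packet %d" % number)
        yield length, number, payload
        pos += 4 + length
    if pos != len(stream):
        raise ValueError("trailing bytes after last packet")

def decode_status(flags):
    """Return the labels of the status bits that are set."""
    return [name for bit, name in enumerate(STATUS_BITS) if flags & (1 << bit)]

def describe(payload):
    """Recognise the 4.1+ EOF packet; anything else depends on result-set context."""
    if payload[:1] == b"\xfe" and 5 <= len(payload) < 9:
        warnings, status = struct.unpack("<HH", payload[1:5])
        return {"type": "EOF", "warnings": warnings,
                "status": status, "set": decode_status(status)}
    return {"type": "other", "length": len(payload)}

# Constructed sample: a 1-byte packet, an opaque 8-byte packet, and an EOF
# packet with Warnings 0 and Server Status 0x0002 as in the quoted output.
SAMPLE = (frame(1, b"\x01")
          + frame(2, b"\x03def\x00\x00\x00\x00")
          + frame(13, b"\xfe\x00\x00\x02\x00"))

if __name__ == "__main__":
    for length, number, payload in split_packets(SAMPLE):
        print(length, number, describe(payload))
```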
