mysql抓包数据协议分析

《mysql抓包数据协议分析》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、MySQL抓包数据协议分析(客户端到服务端的通讯协议)1典型的MySql会话过程描述一次正常的过程如下：1.三次握手建立tcp连接2.建立MySql连接1.服务端往客户端发送握手初始化包(HandshakeInitializationPacket)2.客户端往服务端发送验证包(ClientAuthenticationPacket)3.服务端往客户端发送成功包4.客户端与服务端之间交互1.客户端往服务端发送命令包(CommandPacket)2.服务端往客户端发送回应包(OKPacket,orErrorPacket,orResultSetPacket)4)断开MySql连接1.客户端往服务端发

2、送退出命令包5)四次握手断开tcp连接1.2举例(使用tcpdump抓包)客户端在命令行模式下使用命令：mysql-uroot-pdbaudit-h192.168.86.206连上数据库抓取的数据包如下：1.2.1登陆1)三次握手建立连接19:00:22.534342IP192.168.86.101.59614>localhost.localdomain.mysql:S911022238:911022238(0)win81920x0000:45000034043f400040060801c0a85665E..4.?@.@

3、.....Ve0x0010:c0a856cee8deOcea364d189e000000000x0020:80022000dbdd0000020405b4010303020x0030:01010402....19:00:22.534390IPlocalhost.localdomain.mysql>192.168.86.101.59614:S3302432077:3302432077(0)ack911022239win58400x0000:450000340000400040060c40c0a856ceE..4..@.@.

4、.@..V.0x0010:c0a85665Oceae8dec4d7ld4d364d189f,.VeM6M..0x0020:801216d002d30000020405b4010104020x0030:01030307....19:00:22.534916IP192.168.86.101.59614>localhost.localdomain.mysql:.ack1win43800x0000:45000028044040004006080cc0a85665E..(.@@.@.....Ve0x0010:c0a856cee8deOcea364d189fc4d7ld4e.....N0x0020:50

5、10111c49590000000000000000P...IY.2)服务端向客户謂发送握手初始化包(HandshakeInitializationPacket)19:00:22.535632IPlocalhost.localdomain.mysql>192.168.86.101.59614:P1:79(78)ack1win460x0000:450800760d3340004006fec2c0a856ceE..v.3@.@.....V.0x0010:c0a85665Oceae8dec4d7ld4e364d189f..VeN6M..0x0020:5018002e2eed00004a000000

6、0a352e35P.......J....5.50x0030:2e323100820000002f7522467b582652.21...../u"F{X&R0x0040:OOfff70802000f8015000000000000000x0050:0000004b612840492d46565d53662900...Ka(@l-FV]Sf).0x0060:6d7973716c5f6e61746976655f706173mysql_native_pas0x0070:73776f726400sword.1)客户端向服务端发送包含用户名密码的验证包(ClientAuthenticationPac

7、ket)19:00:22.536678IP192.168.86.101.59614>localhost.localdomain.mysql:P1:63(62)ack79win43600x0000:4500006604414000400607cdc0a85665E..f.A@.@.....Ve0x0010:c0a856cee8deOcea364d189fc4d7ld9c......0x0020:50181108