MySQL抓包数据协议分析.docx

《MySQL抓包数据协议分析.docx》由会员上传分享，免费在线阅读，更多相关内容在应用文档-天天文库。

1、MySQL抓包数据协议分析（客户端到服务端的通讯协议）1典型的MySql会话过程描述一次正常的过程如下：1）三次握手建立tcp连接2）建立MySql连接a)服务端往客户端发送握手初始化包(HandshakeInitializationPacket)b)客户端往服务端发送验证包(ClientAuthenticationPacket)c)服务端往客户端发送成功包3）客户端与服务端之间交互a)客户端往服务端发送命令包（CommandPacket）b)服务端往客户端发送回应包（OKPacket,orErrorPacket,orRe

2、sultSetPacket）4)断开MySql连接a)客户端往服务端发送退出命令包5)四次握手断开tcp连接1.2举例(使用tcpdump抓包)客户端在命令行模式下使用命令：mysql–uroot–pdbaudit–h192.168.86.206连上数据库抓取的数据包如下：1.2.1登陆1)三次握手建立连接19:00:22.534342IP192.168.86.101.59614>localhost.localdomain.mysql:S911022238:911022238(0)win8192

3、scale2,nop,nop,sackOK>0x0000:45000034043f400040060801c0a85665E..4.?@.@.....Ve0x0010:c0a856cee8de0cea364d189e00000000..V.....6M......0x0020:80022000dbdd0000020405b401030302................0x0030:01010402....19:00:22.534390IPlocalhost.localdomain.mysql>192.168.86.10

4、1.59614:S3302432077:3302432077(0)ack911022239win58400x0000:450000340000400040060c40c0a856ceE..4..@.@..@..V.0x0010:c0a856650ceae8dec4d71d4d364d189f..Ve.......M6M..0x0020:801216d002d30000020405b401010402................0x0030:0103

5、0307....19:00:22.534916IP192.168.86.101.59614>localhost.localdomain.mysql:.ack1win43800x0000:45000028044040004006080cc0a85665E..(.@@.@.....Ve0x0010:c0a856cee8de0cea364d189fc4d71d4e..V.....6M.....N0x0020:5010111c49590000000000000000P...IY........2)服务端向客户諯发送握手初始化包（H

6、andshakeInitializationPacket）19:00:22.535632IPlocalhost.localdomain.mysql>192.168.86.101.59614:P1:79(78)ack1win460x0000:450800760d3340004006fec2c0a856ceE..v.3@.@.....V.0x0010:c0a856650ceae8dec4d71d4e364d189f..Ve.......N6M..0x0020:5018002e2eed00004a0000000a352e35P.

7、......J....5.50x0030:2e323100820000002f7522467b582652.21...../u"F{X&R0x0040:00fff70802000f801500000000000000................0x0050:0000004b612840492d46565d53662900...Ka(@I-FV]Sf).0x0060:6d7973716c5f6e61746976655f706173mysql_native_pas0x0070:73776f726400sword.3)客户端

8、向服务端发送包含用户名密码的验证包（ClientAuthenticationPacket）19:00:22.536678IP192.168.86.101.59614>localhost.localdomain.mysql:P1:63(62)ack79win43600x0000:4500006604414