MySQL Packet Capture Protocol Analysis
MySQL Packet Capture Protocol Analysis (the client-to-server communication protocol)
1 A typical MySQL session
Description
A normal session proceeds as follows:
1) TCP three-way handshake to establish the connection
2) Establish the MySQL connection
a) The server sends the client a handshake initialization packet (HandshakeInitializationPacket)
b) The client sends the server an authentication packet (ClientAuthenticationPacket)
c) The server sends the client an OK packet
3) Interaction between client and server
a) The client sends the server a command packet (CommandPacket)
b) The server sends the client a response packet (OKPacket, ErrorPacket or ResultSetPacket)
4) Close the MySQL connection
a) The client sends the server a quit command packet
5) TCP four-way handshake to tear down the connection
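As an added example (not part of the original document), a small Python parser for the packet framing used throughout this session: it splits a TCP payload into MySQL packets (3-byte little-endian length, 1-byte sequence id, payload), names the client command packets seen in 1.2.2 and 1.2.3 (COM_QUERY, COM_INIT_DB, COM_QUIT) and decodes the fields of the server's OK packet. The sample byte strings are constructed to match the packets described in this document, not copied from the capture.

```python
import struct
# Command bytes and response markers of the packets described above
COM_QUIT, COM_INIT_DB, COM_QUERY = 0x01, 0x02, 0x03
OK_HEADER, EOF_HEADER, ERR_HEADER = 0x00, 0xFE, 0xFF
# Constructed sample streams: 3-byte little-endian length, 1-byte sequence id, payload
CLIENT_STREAM = (
    bytes.fromhex("12000000" "03") + b"SELECT DATABASE()"  # COM_QUERY, len 0x12, seq 0
    + bytes.fromhex("06000000" "02") + b"mysql"            # COM_INIT_DB "mysql"
    + bytes.fromhex("01000000" "01")                       # COM_QUIT
)
SERVER_OK = bytes.fromhex("07000002" "00000002000000")     # OK packet, seq 2, after auth

def split_packets(stream):
    """Split a TCP payload into (sequence_id, payload) tuples, one per MySQL packet."""
    packets, pos = [], 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        seq, body = stream[pos + 3], stream[pos + 4:pos + 4 + length]
        if len(body) != length:  # truncated capture: stop rather than misparse
            break
        packets.append((seq, body))
        pos += 4 + length
    return packets

def read_lenenc_int(buf, pos):
    """Read a MySQL length-encoded integer at pos; returns (value, next_pos)."""
    first = buf[pos]
    if first < 0xFB:
        return first, pos + 1
    size = {0xFC: 2, 0xFD: 3, 0xFE: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def describe_client(payload):
    """Name a client command packet and recover its argument (query text or schema)."""
    names = {COM_QUIT: "COM_QUIT", COM_INIT_DB: "COM_INIT_DB", COM_QUERY: "COM_QUERY"}
    name = names.get(payload[0], "COM_0x%02x" % payload[0])
    return (name + " " + payload[1:].decode("utf-8", "replace")).strip()

def describe_server(payload):
    """Classify a server packet by its first byte; decode the OK packet's fields."""
    if payload[0] == OK_HEADER:
        affected, pos = read_lenenc_int(payload, 1)
        last_id, pos = read_lenenc_int(payload, pos)
        status, warnings = struct.unpack_from("<HH", payload, pos)
        return "OK rows=%d id=%d status=0x%04x warn=%d" % (affected, last_id, status, warnings)
    if payload[0] == ERR_HEADER:
        return "ERR %d" % struct.unpack_from("<H", payload, 1)[0]
    if payload[0] == EOF_HEADER and len(payload) < 9:
        return "EOF"
    return "ResultSet"
```

Feeding the packets of a captured connection through describe_client recovers the exact query text a client sent, which is the basis of the database auditing this capture was taken for.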
1.2 Example (captured with tcpdump)
The client connects to the database from the command line with the command:
mysql -uroot -pdbaudit -h
The captured packets are as follows:
1.2.1 Login
1) Three-way handshake to establish the connection
2) The server sends the client a handshake initialization packet (HandshakeInitializationPacket)
3) The client sends the server an authentication packet containing the username and password (ClientAuthenticationPacket)
4) The server sends the client an empty packet (a plain TCP packet, unrelated to MySQL)
5) The server sends the client an OK packet (OKPacket)
6) The client sends the server a packet (apparently unrelated to MySQL; its header does not match the protocol format)
1.2.2 Interaction between client and server
The client enters:
use mysql
The server returns:
Database changed
1) The client sends the server a command packet (type COM_QUERY)
2) The server sends the client a result set packet (ResultSet)
A ResultSet consists of several packets, each with its own packet header and body. The response below contains five packets (1 ResultSetHeadPacket + 1 FieldPacket + 1 EOFPacket + 1 RowDataPacket + 1 EOFPacket).
3) The client sends the server a command packet (type COM_INIT_DB)
4) The server sends the client an OK packet (OKPacket)
5) The client sends the server a packet (not really related to MySQL; its header is 00000000)
The client enters:
show tables
The server returns:
the query result, i.e. all tables in the current database
1) The client sends the server a command packet (type COM_QUERY)
2) The server sends the client a plain TCP packet
3) The server sends the client a response result packet (ResultPackets)
4) The client sends the server a plain TCP packet
1.2.3 Quit
On the command line the client enters the command quit to leave the database.
1) The client sends the server a quit command packet
2) Three-way handshake to close the connection (isn't closing a connection supposed to take a four-way handshake? In testing, however, a normal quit shows only a three-way process)