Wireshark-bugs: [Wireshark-bugs] [Bug 10338] New: MySQL: Request Unknown (133) (SSL: Handshake r
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 03 Aug 2014 11:25:12 +0000
Bug ID 10338
Summary MySQL: Request Unknown (133) (SSL: Handshake response packet)
Classification Unclassified
Product Wireshark
Version Git
Hardware All
OS All
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter wireshark@myname.nl 

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
After the MySQL protocol has established a SSL connection the first packet is a
HandshakeResponse packet (aka Login Request).

http://dev.mysql.com/doc/internals/en/ssl.html
http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse

When SSL is not used the login request is parsed ok, but not when it's in the
SSL connection.

This is because dissect_mysql_pdu() uses this:
if (packet_number == 1) {
  col_set_str(pinfo->cinfo, COL_INFO, "Login Request");
  offset = mysql_dissect_login(tvb, pinfo, offset, mysql_tree, conn_data);

The loginrequest within the SSL stream is not packet_number 1. (it however is
the first packet in the ssl stream)

If I change it to:
"if ((packet_number == 1) || (packet_number == 2)) {"
then it works, but that's probably not the correct way of doing it.

You are receiving this mail because:
  • You are watching all bug changes.