I'm trying to capture MySQL activities through my web application and MySQL Server by using Wireshark on Windows. I've seen that most of the questions about capturing packets related to MySQL return MySQL Protocol and the possibility of seeing the queries sent and their responses. Yet, when running Wireshark and using my application, I see only TCP packets coming and going, as can be seen in the pictures in the links below.
It's important to note that I've used tools like tshark and WinDump to collect packets through the network, but nothing worked.
Am I doing something wrong or is it a Wireshark bug?
Thanks for the answers! I did what was suggested by Christopher following Edit -> Preferences -> Protocols -> MySQL. There was nothing like "Port Number", but the issue was that "Show SQL Query string in INFO column" was not selected.
Wireshark has some logic which automatically determines the type of traffic observed. I don't know the reason for it to fail in your case, but you can always manually point to the desired protocol. Right-click on one of your TCP packets, click on "decode as" and choose "MySQL" in the last column.
The image provided indicates that the port in use is 3307, but the MySQL dissector registers by default on port 3306, which is the IANA-registered port for mysql traffic. So, when a non-standard port is used, you must make use of the "Decode As" feature of Wireshark, as nnovich-OK has already mentioned.
Another option in many cases, which unfortunately is not yet available in this case, is to change the port number that the dissector registers for. The MySQL dissector does not offer a port preference though, but you could open a Wireshark bug report asking for such a preference to be added - even better if you submit a patch that actually implements it. Once a preference is available, then you could set it as desired via Edit -> Preferences -> Protocols -> MySQL -> Port Number, similar to how many other dissectors allow a configurable port.
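The answers above turn on the dissector being chosen by TCP port, not by payload. As an added example (not code from the thread or from Wireshark), the Python sketch below reads the MySQL packet framing directly from a reassembled client-to-server byte stream, which is how a query can be recovered from traffic on port 3307 or any other port. The function names and the sample bytes are constructed for illustration; it assumes an unencrypted, uncompressed connection and the classic COM_QUERY layout (command byte followed by the query text).

```python
COM_QUERY = 0x03  # command byte that introduces a text-protocol query


def iter_mysql_packets(stream: bytes):
    """Yield (sequence_id, payload) for every complete MySQL packet in stream."""
    offset = 0
    while offset + 4 <= len(stream):
        # Header: 3-byte little-endian payload length, then a 1-byte sequence id.
        length = int.from_bytes(stream[offset:offset + 3], "little")
        seq = stream[offset + 3]
        end = offset + 4 + length
        if end > len(stream):
            break  # truncated packet: the rest is in a later TCP segment
        yield seq, stream[offset + 4:end]
        offset = end


def extract_queries(stream: bytes):
    """Return the SQL text of each COM_QUERY found in a client-to-server stream."""
    queries = []
    for seq, payload in iter_mysql_packets(stream):
        # A client command opens a new exchange, so its sequence id is 0.
        if seq == 0 and payload and payload[0] == COM_QUERY:
            queries.append(payload[1:].decode("utf-8", errors="replace"))
    return queries


def build_packet(seq: int, payload: bytes) -> bytes:
    """Helper used only to construct the sample bytes below."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample: one query, one COM_PING (0x0e), and a query cut off
# mid-packet, as happens when a capture ends between TCP segments.
SAMPLE = (
    build_packet(0, b"\x03SELECT id FROM users")
    + build_packet(0, b"\x0e")
    + build_packet(0, b"\x03SELECT 1")[:6]
)

if __name__ == "__main__":
    for query in extract_queries(SAMPLE):
        print(query)
```

If the connection negotiates TLS or protocol compression, the payload no longer has this layout and neither this sketch nor a plain "Decode As" will show query text.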