How can I snif MySQL data using WireShark? Also I used «mysqlsniffer» and have no results. There are no any packets from MySQL. I've filtered by «MySQL.isPresent» in WireShark but nothing happened.
MySQL installed on Ubuntu 10.10 from repository. Here is my.conf: http://pastebin.com/jkJU773E
Also I can telnet to MySQL:
halo@desktop:~$ telnet localhost 3306
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
?
5.1.49-1ubuntu8.1�otw|(N2iL~Vsam~Sbr9
^CConnection closed by foreign host.
halo@desktop:~$
By default, on localhost, mysql actually connects over a UNIX socket. Add
-h 127.0.0.1to yourmysqlline to force communication over TCP.Are you sure you're sniffing the right interface? If you're connecting locally as in your example you should attach to the loopback interface (
lo) instead ofeth0or any othereth*.I don't know MySQL.isPresent, have you tried filtering tcp port 3306? It should be enough, really.
As an alternative, you can capture the traffic using tcpdump on the commandline and then open the dump file with wireshark:
Replace lo with eth0, etc. if needed.