Friday , October 7 2022

How to get the network packets between MySQL client and server?


Sometimes when we get ERROR messages such as the communication failure, MySQL server not responds your requests, or we want to know what the client sent to MySQL and how MySQL responds? Then we can capture network packets of the client and MySQL server.



Capturer tool: tcpdump command on Linux

Packets Analyzer: Wireshark

MySQL Version: 8.0.12

MySQL Port: 8001


1. Capture packets

(1) Start capturing packets

This command means that capturing packets of port 8001 and writing result to the tmp.pcap file.

Also you can get more information about tcpdump at .

(2) Connect to MySQL Server and execute your queries

Open a new session for MySQL client.


(3) Stop capturing

Just enter Ctrl+c to stop capturing process. Then we can get a file named tmp.pcap.


2. Analyze packets

Send the tmp.pcap file to a Windows PC, and using Wireshark to open it(Click File–Open to choose the packet file). After that, Wireshark shows the packets information as below.

There are a lot of information, and we just check the Data part of the Packet Details Pane this time.

Then choose one of the TCP stream, ‘8001 -> 50615’ and ‘50615 -> 8001’ at the Info column mean the source and destination ports, right click —-> Follow —-> TCP Stream, after that, we can get the data details during the capturing time.

As the TCP Stream showing below, we can see what information has been transmitted on the network.

And we can choose ‘8001 —-> 50615(send from MySQL server)’ or  ‘50615 —->8001(send to MySQL server)’, and if ‘choosing 50615 —-> 8001’, then we can get the information we just executed:

And we can see some key words like ‘caching_sha2_password‘(MySQL password encryption method), ‘mysql._client_version.8.0.12‘(MySQL Client version), ‘show databases‘, ‘show tables‘, ‘select * from t1‘.Also, we can get the information the server responds to these queries:

Then we can get the data that server sent to client, such as ‘8.0.12‘,’caching_sha2_password‘, ‘mysql_native_password‘, ‘MySQL Community Server – GPL‘,’information_schema, mysql, performance_schema,sys, wstest‘ and so on. And these information are just what we can get after we execute queries.

In our daily work, we can use this method to find out what information has been sent between the MySQL client and server. Also we can use it for auditing MySQL by analyzing packets, and this way won’t affect the performance of database instance because the audit log  is obtained through capturing network packets.

Shuo Wang
Author: Shuo Wang

About Shuo Wang

Leave a Reply

Your email address will not be published. Required fields are marked *