This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mate filter for MySQL


Hi guys, I'm having a little trouble with my MATE filter for MySQL. I'm trying to write the start and stop conditions, but can't seem to work out how we find the last packet. It's quite clear in the packet list, but I can't build the Gop or the Gog from it.

Gop mysql_req On mysql_pdu Match (mysql_addr, mysql_addr, mysql_port, mysql_port,mysql_command, mysql_eof) {
        Start (mysql_command = 3);
        Stop (mysql_eof = 254);
};

I would have thought the start would be the query (mysql_command = 3) and the stop would be mysql_eof = 254, but I never get a completed Gop.

I'm really trying to find a way to pull out the long queries and find out what's causing them - in particular when we are unable to get a table lock within a reasonable timeframe. I've got the mysql slow logs, where I can see the issues occurring, but it would be really nice to be able to build the complete extractor.

asked 25 Apr '13, 16:04


Scott Harman


One Answer:


Just came across this while looking for another question...

I'm guessing your GoP never completes because the PDUs in the GoP must all have the same mysql_command and mysql_eof (in the Match parameters). The responses aren't going to have the command number and the queries aren't going to have the eof indicator.

At least the first step in getting this working will be to remove the command and eof fields from the Match line.

answered 15 Sep '15, 07:33


JeffMorriss ♦
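The effect described in the answer, as a simplified model added here for illustration (it is not Wireshark's MATE code and not from either poster). It assumes a PDU that lacks any AVP named in Match joins no GoP; the sample PDUs are constructed, and `gop_key` and `run_gops` are hypothetical names.

```python
from collections import Counter

# Constructed PDUs for one query/response exchange (not from a real capture).
# Each PDU is a list of (AVP name, value) pairs, as a MATE Pdu block extracts them.
ENDPOINTS = [("mysql_addr", "10.0.0.5"), ("mysql_addr", "10.0.0.9"),
             ("mysql_port", 51000), ("mysql_port", 3306)]
PDUS = [
    ENDPOINTS + [("mysql_command", 3)],  # query request: carries no eof AVP
    ENDPOINTS[:],                        # result row: carries neither AVP
    ENDPOINTS + [("mysql_eof", 254)],    # EOF marker: carries no command AVP
]

def gop_key(pdu, match):
    """Return the GoP key for a PDU, or None if a Match AVP is missing."""
    key = []
    for name, count in sorted(Counter(match).items()):
        values = sorted(str(v) for n, v in pdu if n == name)
        if len(values) < count:
            return None  # assumed strict match: the PDU is ignored
        key.append((name, tuple(values[:count])))
    return tuple(key)

def run_gops(pdus, match, start, stop):
    """Group PDUs by key; return one dict per GoP (PDU count, released flag)."""
    open_gops, finished = {}, []
    for pdu in pdus:
        key = gop_key(pdu, match)
        if key is None:
            continue
        if key not in open_gops:
            if start not in pdu:
                continue  # only a PDU matching Start creates a GoP
            open_gops[key] = {"pdus": 0, "released": False}
        gop = open_gops[key]
        gop["pdus"] += 1
        if stop in pdu:  # a PDU matching Stop releases the GoP
            gop["released"] = True
            finished.append(open_gops.pop(key))
    return finished + list(open_gops.values())

ORIGINAL = ["mysql_addr", "mysql_addr", "mysql_port", "mysql_port",
            "mysql_command", "mysql_eof"]
REDUCED = ORIGINAL[:4]  # command and eof removed from Match, as the answer suggests
START, STOP = ("mysql_command", 3), ("mysql_eof", 254)

if __name__ == "__main__":
    print("original Match:", run_gops(PDUS, ORIGINAL, START, STOP))
    print("reduced Match: ", run_gops(PDUS, REDUCED, START, STOP))
```

With the original Match list no PDU carries both `mysql_command` and `mysql_eof`, so no GoP is created; with the reduced list the query, the row and the EOF marker share one key and the GoP is released.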