Hello,

I am using Wireshark for the first time to make sure that my MS Access connection to the MySQL database (web server) is SSL secured.

Now I got four lines (protocols?): the first and third line (PC to Server): Login Request User=

And the second line (Server to PC): Server greeting proto=10 version=5.5.37-0+wheezy1

In these three lines the MySQL protocol tells me: Switch to SSL after handshake: Set

That sounds great! But the last line and the second line (Server to PC) tell me: Switch to SSL after handshake: Not Set

Furthermore in the last line and the: the Payload protocol has a yellow background and tells me:

Now my question: Is my connection safe or not?

I don't dare to post the protocols because I don't know which of the lines have relevant security information.

Thanks
Sebastian

asked 01 Jun '14, 08:24 Sebastian12345 edited 01 Jun '14, 08:31
One Answer:
Select one frame, right click it and select 'Follow TCP Stream'. If you can read ASCII Text in the popup window, like SQL commands (SELECT etc.) the connection is not encrypted. You can test that procedure and compare the results with the following MySQL capture file
Regards

answered 01 Jun '14, 13:31 Kurt Knochner ♦ edited 01 Jun '14, 15:18
Hello Kurt,
thanks, Danke!
It looks like my connection is encrypted. Although the first lines which I can read show the following clear text ("vQp^hui!.mysql_native_passwort") as well as the official address of my hoster. But that's nothing I have to worry about, right?
In your example file it is not encrypted, right?
Regards Sebastian
Well, without the file I cannot say anything about that. The small snippet you posted gives no clear indication.
But if you are not seeing any cleartext in the whole file (after you retrieved some data), chances are good that the connection is encrypted.
Unfortunately I don't have access to a capture file with SSL encrypted MySQL traffic, so I cannot check if there is a better criterion.
You could try to "Decode As" the connections as SSL and check if Wireshark detects an SSL handshake.
Then use the following display filter: ssl. If you see any frames, especially a CLIENT HELLO and a SERVER HELLO, the connection is (most certainly) encrypted!
right.
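
Added example, not part of the original thread and not Wireshark's own code: the "Switch to SSL after handshake" line that Wireshark displays is the CLIENT_SSL capability bit (0x0800) of the MySQL handshake, and the sketch below checks it in the server greeting and in the client's first packet, then looks for the TLS ClientHello that has to follow an SSL request. The function names and sample bytes are constructed for illustration; each function expects the raw bytes of one direction of the TCP stream.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit Wireshark shows as "Switch to SSL after handshake"

def first_packet(stream: bytes):
    """Split off the first MySQL packet (3-byte LE length, 1-byte sequence id)."""
    length = int.from_bytes(stream[:3], "little")
    return stream[4:4 + length], stream[4 + length:]

def server_offers_ssl(server_stream: bytes) -> bool:
    """Read the lower capability word of a protocol 10 server greeting."""
    payload, _ = first_packet(server_stream)
    if payload[0] != 10:
        raise ValueError("not a protocol 10 server greeting")
    version_end = payload.index(b"\x00", 1)
    # After the version string: thread id (4), auth data (8), filler (1), then flags.
    caps_low, = struct.unpack_from("<H", payload, version_end + 14)
    return bool(caps_low & CLIENT_SSL)

def classify_client(client_stream: bytes) -> str:
    """Classify what the client sends right after the server greeting."""
    payload, rest = first_packet(client_stream)
    caps_low, = struct.unpack_from("<H", payload, 0)
    if not caps_low & CLIENT_SSL:
        return "plaintext login"
    # An SSL request is the 32-byte fixed header alone; a TLS handshake record
    # (type 0x16, version 0x03xx) carrying a ClientHello (0x01) must follow it.
    if len(payload) == 32 and rest[:2] == b"\x16\x03" and rest[5:6] == b"\x01":
        return "SSL request followed by TLS ClientHello"
    return "SSL flag set, no TLS handshake seen"

def packet(seq: int, payload: bytes) -> bytes:
    """Prepend the MySQL packet header to a payload (used for the samples below)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample bytes (not taken from any real capture).
GREETING = packet(0, b"\x0a5.5.37-0+wheezy1\x00" + struct.pack("<I", 42)
                  + b"saltsalt\x00" + struct.pack("<HBHH", 0xFFFF, 33, 2, 0x000F))
FIXED_SSL = struct.pack("<IIB23x", 0x8A01, 1 << 24, 33)    # CLIENT_SSL set
FIXED_PLAIN = struct.pack("<IIB23x", 0x8201, 1 << 24, 33)  # CLIENT_SSL clear
TLS_HELLO_STUB = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SSL_CLIENT = packet(1, FIXED_SSL) + TLS_HELLO_STUB
PLAIN_CLIENT = packet(1, FIXED_PLAIN + b"demo\x00\x00")

if __name__ == "__main__":
    print(server_offers_ssl(GREETING))
    print(classify_client(SSL_CLIENT))
    print(classify_client(PLAIN_CLIENT))
```

A server greeting with the flag set only means the server offers SSL; the session is encrypted only when the client side shows the SSL request followed by the TLS handshake.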