This is a static archive of our old Q&A Site. Please post any new questions and answers at

SSL MySQL Need help to construe wireshark



I use wireshark the first time to make sure that my MS Access connection to the MYSQL Database (Webserver) is SSL secured.

Now I got foue lines (protocols?) first and third line (PC to Server): Login Request User=And the second line (Server to PC): Server greeting proto=10 version=5.5.37-0+wheezy1In this three lines the MYSQL Protocol tells me: Switch to SSL after handshake: Set'That sound great!But the last line and the second line (Server to PC) tells me: Switch to SSL after handshake: Not SetFurthermore in the last line and the: the Payload protocol has a yellow background an tells me:
[Expert Info (warn/ undecoded): FIXME - dissector is incomplete]
[Message: FIXME - dissector is incomplete]
[Severity level: Warn]
[Group: Undecoded]
Now my question: Is my connection save or not?I don't dare to post the protocols because I don't know which of the lines have relevant security informations.Thanks Sebastian

asked 01 Jun '14, 08:24

Sebastian12345's gravatar image

accept rate: 0%

edited 01 Jun '14, 08:31

One Answer:


Select one frame, right click it and select 'Follow TCP Stream'. If you can read ASCII Text in the popup window, like SQL commands (SELECT etc.) the connection is not encrypted.

You can test that procedure and compare the results with the following MySQL capture file


answered 01 Jun '14, 13:31

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

edited 01 Jun '14, 15:18

Hello Kurt,

thanks, Danke!

It looks like my connection is encrypted. Although the first lines which I can read shows the following clear text ("vQp^hui!.mysql_native_passwort as well as the official Adress of my hoster. But thats nothing I have to worry about, right?

.....>[email protected]!`..H.U<...L.

In your example file it is not encrypted, right?

Regards Sebastian

(02 Jun '14, 03:25) Sebastian12345

It looks like my connection is encrypted.

well, without the file I cannot say anything about that. The small snippet you posted gives no clear indication.

But, if you are not seeing any cleartext in the whole file (after you retrieved some data), chances are good, that the connection is encrypted.

Unfortunately I don't have access to a capture file with SSL encrypted MySQL traffic, so I cannot check if there is a better criteria.

You could try to "Decode As" the connections as SSL and check if Wireshark detects a SSL handshake.

  • select one frame
  • right click it
  • select "Decode As"
  • select "Transport [tab]"
  • select "SSL" (in the list of protocols on the right side)

Then use the following display filter: ssl. If you see any frames, especially a CLIENT HELO and a SERVER HELO, the connection is (most certainly) encrypted!

In your example file it is not encrypted, right?


(02 Jun '14, 07:51) Kurt Knochner ♦