>>>>> "Daniel" == Daniel Nichter <daniel@stripped> writes:
Daniel> I am hacking on the MySQL protocol using hex dumps from tcpdump like the
Daniel> 0x0000: 4508 004e 266f 4000 3e06 650b 0a36 d4ab
Daniel> 0x0010: 0a37 c80f c1ff 0cea 3a17 3786 3927 f142
Daniel> 0x0020: 8018 ffff d5a3 0000 0101 080a 22f5 83d3
Daniel> 0x0030: 40e0 fd21 1300 0000 0000 000f 0000 0003
Daniel> 0x0040: 7368 6f77 2064 6174 6162 6173 6573 188d
Daniel> 0x0050: 06f4
Daniel> I have a good grasp of the MySQL protocol but this particular packet confuses
Daniel> me. The TCP header says that itself is 8 32-bit words long, therefore the
Daniel> MySQL header should begin with '1300 0000 000...'. Yet the MySQL header does
Daniel> not seem to actually begin until '0f 0000 0003...' which is a "show databases"
Daniel> query. What, then, is this extra data '1300 0000 0000 00'?
Daniel> I thought maybe it is a compressed packet, but the CLIENT_COMPRESS flag is off
Daniel> in the client's handshake packet and the doc says that a compression header
Daniel> only adds an extra 3 bytes.
It's probable a compressed packet after all. Please verify your compress flag!
Here is a breakdown of the packet:
13 00 00 19 byte data follows
00 Packet number (incremented for each packet as part of this
00 00 00 Length of original data before compression; 00 00 00
means data was not compressed (becasue compression was not
0f 00 00 15 bytes of (normally compressed data) data follows
00 Compressed packet number (incremented for each packet)
73 68 ... show databases
Note that within one compressed packet, we may have many logical data
packets, for example when reading rows where compression is done over
For information of MariaDB, the community developed server based on
source code from MySQL, check out www.askmonty.org