No. Time Source Destination Protocol Info 1 0.000000 192.168.2.204 192.168.2.202 TCP 47643 > mysql [SYN] Seq=0 Len=0 MSS=1460 TSV=3703674 TSER=0 WS=2 Frame 1 (76 bytes on wire, 76 bytes captured) Arrival Time: Nov 8, 2007 13:17:12.963779000 [Time delta from previous packet: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Packet Length: 76 bytes Capture Length: 76 bytes [Frame is marked: False] [Protocols in frame: sll:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Linux cooked capture Packet type: Sent by us (4) Link-layer address type: 1 Link-layer address length: 6 Source: Elitegro_84:91:c1 (00:14:2a:84:91:c1) Protocol: IP (0x0800) Internet Protocol, Src: 192.168.2.204 (192.168.2.204), Dst: 192.168.2.202 (192.168.2.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 60 Identification: 0x8328 (33576) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x309d [correct] [Good: True] [Bad : False] Source: 192.168.2.204 (192.168.2.204) Destination: 192.168.2.202 (192.168.2.202) Transmission Control Protocol, Src Port: 47643 (47643), Dst Port: mysql (3306), Seq: 0, Len: 0 Source port: 47643 (47643) Destination port: mysql (3306) Sequence number: 0 (relative sequence number) Header length: 40 bytes Flags: 0x02 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x1958 [correct] Options: (20 bytes) Maximum segment size: 1460 bytes SACK permitted Timestamps: TSval 3703674, TSecr 0 NOP Window scale: 2 (multiply by 4) No. Time Source Destination Protocol Info 2 0.000067 192.168.2.202 192.168.2.204 TCP mysql > 47643 [SYN, ACK] Seq=0 Ack=1 Win=23168 Len=0 MSS=1460 TSV=2717369 TSER=3703674 WS=2 Frame 2 (76 bytes on wire, 76 bytes captured) Arrival Time: Nov 8, 2007 13:17:12.963846000 [Time delta from previous packet: 0.000067000 seconds] [Time since reference or first frame: 0.000067000 seconds] Frame Number: 2 Packet Length: 76 bytes Capture Length: 76 bytes [Frame is marked: False] [Protocols in frame: sll:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Linux cooked capture Packet type: Unicast to us (0) Link-layer address type: 1 Link-layer address length: 6 Source: Internet_1f:35:3e (00:e0:4d:1f:35:3e) Protocol: IP (0x0800) Internet Protocol, Src: 192.168.2.202 (192.168.2.202), Dst: 192.168.2.204 (192.168.2.204) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 60 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xb3d5 [correct] [Good: True] [Bad : False] Source: 192.168.2.202 (192.168.2.202) Destination: 192.168.2.204 (192.168.2.204) Transmission Control Protocol, Src Port: mysql (3306), Dst Port: 47643 (47643), Seq: 0, Ack: 1, Len: 0 Source port: mysql (3306) Destination port: 47643 (47643) Sequence number: 0 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 40 bytes Flags: 0x12 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 5792 Checksum: 0x0514 [correct] Options: (20 bytes) Maximum segment size: 1460 bytes SACK permitted Timestamps: TSval 2717369, TSecr 3703674 NOP Window scale: 2 (multiply by 4) [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.000067000 seconds] No. Time Source Destination Protocol Info 3 0.000113 192.168.2.204 192.168.2.202 TCP 47643 > mysql [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=3703674 TSER=2717369 Frame 3 (68 bytes on wire, 68 bytes captured) Arrival Time: Nov 8, 2007 13:17:12.963892000 [Time delta from previous packet: 0.000046000 seconds] [Time since reference or first frame: 0.000113000 seconds] Frame Number: 3 Packet Length: 68 bytes Capture Length: 68 bytes [Frame is marked: False] [Protocols in frame: sll:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Linux cooked capture Packet type: Sent by us (4) Link-layer address type: 1 Link-layer address length: 6 Source: Elitegro_84:91:c1 (00:14:2a:84:91:c1) Protocol: IP (0x0800) Internet Protocol, Src: 192.168.2.204 (192.168.2.204), Dst: 192.168.2.202 (192.168.2.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x8329 (33577) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x30a4 [correct] [Good: True] [Bad : False] Source: 192.168.2.204 (192.168.2.204) Destination: 192.168.2.202 (192.168.2.202) Transmission Control Protocol, Src Port: 47643 (47643), Dst Port: mysql (3306), Seq: 1, Ack: 1, Len: 0 Source port: 47643 (47643) Destination port: mysql (3306) Sequence number: 1 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 (scaled) Checksum: 0x44c7 [correct] Options: (12 bytes) NOP NOP Timestamps: TSval 3703674, TSecr 2717369 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000046000 seconds] No. Time Source Destination Protocol Info 4 0.000442 192.168.2.202 192.168.2.204 MySQL Server Greeting proto=10 version=5.0.45-Debian_1ubuntu3-log Frame 4 (144 bytes on wire, 144 bytes captured) Arrival Time: Nov 8, 2007 13:17:12.964221000 [Time delta from previous packet: 0.000329000 seconds] [Time since reference or first frame: 0.000442000 seconds] Frame Number: 4 Packet Length: 144 bytes Capture Length: 144 bytes [Frame is marked: False] [Protocols in frame: sll:ip:tcp:mysql] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Linux cooked capture Packet type: Unicast to us (0) Link-layer address type: 1 Link-layer address length: 6 Source: Internet_1f:35:3e (00:e0:4d:1f:35:3e) Protocol: IP (0x0800) Internet Protocol, Src: 192.168.2.202 (192.168.2.202), Dst: 192.168.2.204 (192.168.2.204) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00) 0000 10.. = Differentiated Services Codepoint: Unknown (0x02) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 128 Identification: 0x13f6 (5110) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x9f93 [correct] [Good: True] [Bad : False] Source: 192.168.2.202 (192.168.2.202) Destination: 192.168.2.204 (192.168.2.204) Transmission Control Protocol, Src Port: mysql (3306), Dst Port: 47643 (47643), Seq: 1, Ack: 1, Len: 76 Source port: mysql (3306) Destination port: 47643 (47643) Sequence number: 1 (relative sequence number) [Next sequence number: 77 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5792 (scaled) Checksum: 0x40fd [correct] Options: (12 bytes) NOP NOP Timestamps: TSval 2717369, TSecr 3703674 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 3] [The RTT to ACK the segment was: 0.000329000 seconds] MySQL Protocol Packet Length: 72 Packet Number: 0 Server Greeting Protocol: 10 Version: 5.0.45-Debian_1ubuntu3-log Thread ID: 2308 Salt: od&0ZX,m Server Capabilities: 0xA22C .... .... .... ...0 = Long Password: Not set .... .... .... ..0. = Found Rows: Not set .... .... .... .1.. = Long Column Flags: Set .... .... .... 1... = Connect With Database: Set .... .... ...0 .... = Dont Allow database.table.column: Not set .... .... ..1. .... = Can use compression protocol: Set .... .... .0.. .... = ODBC Client: Not set .... .... 0... .... = Can Use LOAD DATA LOCAL: Not set .... ...0 .... .... = Ignore Spaces before '(': Not set .... ..1. .... .... = Speaks 4.1 protocol (new flag): Set .... .0.. .... .... = Interactive Client: Not set .... 0... .... .... = Switch to SSL after handshake: Not set ...0 .... .... .... = Ignore sigpipes: Not set ..1. .... .... .... = Knows about transactions: Set .0.. .... .... .... = Speaks 4.1 protocol (old flag): Not set 1... .... .... .... = Can do 4.1 authentication: Set Charset: latin1 COLLATE latin1_swedish_ci (8) Server Status: 0x0002 .... .... .... ...0 = In transaction: Not set .... .... .... ..1. = AUTO_COMMIT: Set .... .... .... .0.. = More results: Not set .... .... .... 0... = Multi query - more resultsets: Not set .... .... ...0 .... = Bad index used: Not set .... .... ..0. .... = No index used: Not set .... .... .0.. .... = Cursor exists: Not set .... .... 0... .... = Last row sebd: Not set .... ...0 .... .... = database dropped: Not set .... ..0. .... .... = No backslash escapes: Not set Unused: Salt: e1d%)<2(p{ mysql [ACK] Seq=1 Ack=77 Win=5840 Len=0 TSV=3703674 TSER=2717369 Frame 5 (68 bytes on wire, 68 bytes captured) Arrival Time: Nov 8, 2007 13:17:12.964279000 [Time delta from previous packet: 0.000058000 seconds] [Time since reference or first frame: 0.000500000 seconds] Frame Number: 5 Packet Length: 68 bytes Capture Length: 68 bytes [Frame is marked: False] [Protocols in frame: sll:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Linux cooked capture Packet type: Sent by us (4) Link-layer address type: 1 Link-layer address length: 6 Source: Elitegro_84:91:c1 (00:14:2a:84:91:c1) Protocol: IP (0x0800) Internet Protocol, Src: 192.168.2.204 (192.168.2.204), Dst: 192.168.2.202 (192.168.2.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x832a (33578) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x30a3 [correct] [Good: True] [Bad : False] Source: 192.168.2.204 (192.168.2.204) Destination: 192.168.2.202 (192.168.2.202) Transmission Control Protocol, Src Port: 47643 (47643), Dst Port: mysql (3306), Seq: 1, Ack: 77, Len: 0 Source port: 47643 (47643) Destination port: mysql (3306) Sequence number: 1 (relative sequence number) Acknowledgement number: 77 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 (scaled) Checksum: 0x447b [correct] Options: (12 bytes) NOP NOP Timestamps: TSval 3703674, TSecr 2717369 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.000058000 seconds]