wireshark解析达梦数据库协议

达梦数据库不开源，所以wireshark没有对应的协议解析，可实际工作中又需要抓包验证程序处理流程是否正确，为了校验起来方便，自己手撸一个达梦的解析脚本。

先来展示一下解析结果：

解析脚本：dameng.lua

dameng_protocol = Proto("Dameng", "Dameng Protocol")local head_packet_type_desc = {[0x01]  = "Login",[0x05]  = "SQL Request",[0xa3]  = "Login ACK",[0xbb]  = "Response",[0xc8]  = "Version",[0xe4]  = "Version",
}local DAMENG_ie = {head_packet_type = ProtoField.uint16("dameng.head_packet_type", "HeadPacketType", base.HEX, head_packet_type_desc),data_len = ProtoField.uint16("dameng.date_len", "DataLen", base.DEC),
}local login_ie = {username_len = ProtoField.uint32("dameng.username_len", "UserNameLen", base.DEC),username = ProtoField.bytes("dameng.username", "UserName"),password_len = ProtoField.uint32("dameng.password_len", "PassWordLen", base.DEC),password = ProtoField.bytes("dameng.password", "PassWord"),client_name_len = ProtoField.uint32("dameng.client_name_len", "ClientNameLen", base.DEC),client_name = ProtoField.string("dameng.client_name", "ClientName"),system_name_len = ProtoField.uint32("dameng.system_name_len", "SystemNameLen", base.DEC),system_name = ProtoField.string("dameng.system_name", "SystemName"),host_name_len = ProtoField.uint32("dameng.host_name_len", "HostNameLen", base.DEC),host_name = ProtoField.string("dameng.host_name", "HostName"),
}local loginACK_ie = {db_name = ProtoField.string("dameng.db_name", "DataBaseName"),username = ProtoField.string("dameng.username", "UserName"),client_ip = ProtoField.string("dameng.client_ip", "ClientIP"),link_time = ProtoField.string("dameng.link_time", "LinkTime"),
}local SQL_ie = {sql_data = ProtoField.string("dameng.sql_data", "SQL data"),
}local Version_ie = {clinet_version = ProtoField.string("dameng.client_version", "Client Version"),server_version = ProtoField.string("dameng.server_version", "Server Version"),
}dameng_protocol.fields = { ---------------DAMENG_ie----------------DAMENG_ie.head_packet_type,DAMENG_ie.data_len,---------------login_ie----------------login_ie.username_len,login_ie.username,login_ie.password_len,login_ie.password,login_ie.client_name_len,login_ie.client_name,login_ie.system_name_len,login_ie.system_name,login_ie.host_name_len,login_ie.host_name,---------------loginACK_ie----------------loginACK_ie.db_name,loginACK_ie.username,loginACK_ie.client_ip,loginACK_ie.link_time,---------------SQL_ie----------------SQL_ie.sql_data,---------------Version_ie----------------Version_ie.clinet_version,Version_ie.server_version,
}function dameng_protocol.dissector(tvb, pinfo, tree)length = tvb:len()if length == 0 thenreturnendpinfo.cols.protocol = dameng_protocol.namelocal offset = 0local msg_len = 0local subtree = tree:add(dameng_protocol, tvb(), "Dameng Protocol Data")offset = offset + 4local headPacketType = tvb(offset,2):le_uint()subtree:add_le(DAMENG_ie.head_packet_type, tvb(offset,2))offset = offset + 2local dataLen = tvb(offset,2):le_uint()
--  subtree:add_le(DAMENG_ie.data_len, tvb(offset,2))offset = offset + 2if (headPacketType == 0x01) then----------------dissect login-------------------offset = offset + 56----------------dissect username-------------------local usernameLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.username_len, tvb(offset,4))        offset = offset + 4subtree:add(login_ie.username, tvb(offset, usernameLen))offset = offset + usernameLen----------------dissect password-------------------local passwordLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.password_len, tvb(offset,4))offset = offset + 4       subtree:add(login_ie.password, tvb(offset, passwordLen))offset = offset + passwordLen----------------dissect client_name-------------------local clientNameLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.client_name_len, tvb(offset,4))offset = offset + 4        subtree:add(login_ie.client_name, tvb(offset, clientNameLen))offset = offset + clientNameLen----------------dissect system_name-------------------local systemNameLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.system_name_len, tvb(offset,4))offset = offset + 4        subtree:add(login_ie.system_name, tvb(offset, systemNameLen))offset = offset + systemNameLen----------------dissect host_name-------------------local hostNameLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.host_name_len, tvb(offset,4))offset = offset + 4      subtree:add(login_ie.host_name, tvb(offset, hostNameLen))offset = offset + hostNameLenelseif (headPacketType == 0xa3) then----------------dissect login ACK-------------------offset = offset + 72----------------dissect database name-------------------local dbNameLen = tvb(offset,4):le_uint()      offset = offset + 4subtree:add(loginACK_ie.db_name, tvb(offset, dbNameLen))offset = offset + dbNameLen----------------dissect user-------------------local userNameLen = tvb(offset,4):le_uint()offset = offset + 4      subtree:add(loginACK_ie.username, tvb(offset, userNameLen))offset = offset + userNameLen----------------dissect client_ip-------------------local clientIpLen = tvb(offset,4):le_uint()offset = offset + 4     subtree:add(loginACK_ie.client_ip, tvb(offset, clientIpLen))offset = offset + clientIpLen----------------dissect link time-------------------local linkTimeLen = tvb(offset,4):le_uint()offset = offset + 4        subtree:add(loginACK_ie.link_time, tvb(offset, linkTimeLen))offset = offset + linkTimeLen elseif (headPacketType == 0x05) then----------------dissect SQL Request-------------------offset = offset + 56subtree:add(SQL_ie.sql_data, tvb(offset, dataLen))elseif (headPacketType == 0xc8) then----------------dissect Client Version-------------------offset = offset + 56local clientVersionLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.client_name_len, tvb(offset,4))offset = offset + 4        subtree:add(Version_ie.clinet_version, tvb(offset, clientVersionLen))offset = offset + clientVersionLenelseif (headPacketType == 0xe4) then----------------dissect Server Version-------------------offset = offset + 72local serverVersionLen = tvb(offset,4):le_uint()
--      subtree:add_le(login_ie.client_name_len, tvb(offset,4))offset = offset + 4        subtree:add(Version_ie.server_version, tvb(offset, serverVersionLen))offset = offset + serverVersionLenend
endlocal tcp_port = DissectorTable.get("tcp.port")
tcp_port:add(5236, dameng_protocol)

下面说说怎么把解析脚本嵌到wireshark中：

将damen.lua文件放在wirekshark的安装目录，在wireshark的根目录中找到init.lua，打开后将文件中的enable_lua设置为true，并在init.lua文件中增加我们编写的lua脚本，使用的命令为dofile(DATA_DIR.."dameng.lua")。

再次用wireshak打开达梦的包，就能看到解析内容了。

注意：脚本中默认的达梦数据库端口为5236，如果实际环境为其它端口，在脚本中做对应修改即可。

wireshark解析达梦数据库协议相关推荐

达梦数据库，dimp导入报错：该工具不能解析此文件，请使用更高版本的工具
经常有朋友反馈达梦数据库,dimp导入报错:该工具不能解析此文件,请使用更高版本的工具这种问题一般有两种情况: 1.用oracle等异构数据库导出的dmp文件来进行导入,这个是不支持的,建议用数据迁 ...
达梦mpp相当于oracle什么,DM7 达梦数据库大规模并行处理 MPP (1) -- 基本概念和原理...
1 概述达梦大规模并行处理 MPP(DM Massively Parallel Processing,缩写 DM MPP)是基于达梦数据库管理系统研发的完全对等无共享式集群组件,支持将多个 DM 数 ...
达梦数据库配置SSL认证加密
环境介绍 OS Version:Kylin Linux Advanced Server release V10 (SP1) /(Tercel)-x86_64-Build19/20210319 DB V ...
达梦数据库实时主备集群的同步机制和切换机制
DM数据守护介绍 1. DM 数据守护(Data Watch) 是一种集成化的高可用.高性能数据库解决方案,是数据库异地容灾的首选方案.通过部署 DM 数据守护,可以在硬件故障(如磁盘损坏).自然灾害 ...
达梦数据库DCA培训课程笔记
说明:本笔记根据达梦培训课程整理,笔记内容仅供交流和参考,如内容有误请指正:如侵权,请联系本人处理,谢谢! ps:如果需要视频录播的话,可以私信我哈一.达梦数据库安装查看cpu:lscpu或者ca ...
基于Enterprise Library的Winform开发框架实现支持国产达梦数据库的扩展操作
由于一个客户朋友的需求,需要我的Winform开发框架支持国产达梦数据库的操作,这个数据库很早就听过,但是真正一般项目用的很少,一般在一些特殊的项目可能需要用到.由于我的Winform开发框架,是基于 ...
达梦数据库删除用户_达梦数据库的操作手册.docx
达梦数据库操作手册2013年12月15日达梦数据库安装服务器安装数据库安装注意问题数据库的安装路径不要直接放在操作系统的/目录相同的磁盘上,可以安装在/dmdb/dm,但是/dmdb要单独挂载在一块硬 ...
linux下达梦数据库启动_linux上安装tomcat和达梦数据库
环境:系统:红帽linux企业版4(红旗LINUX也是一样,会更简单) jakarta-tomcat-5.0.28.tar.gz(二进制源码) jdk-1_5_0_15-linux-i586-rpm. ...
php7 测试数据库_达梦数据库PHP连接测试
完整实验步骤: 1.apache安装 2.php安装 3.连接达梦数据库 1.源码安装apache apache的源码安装包: httpd-2.4.43.tar.gz 安装apache源码包需要先安装 ...

wireshark解析达梦数据库协议

先来展示一下解析结果：

解析脚本：dameng.lua

下面说说怎么把解析脚本嵌到wireshark中：

wireshark解析达梦数据库协议相关推荐

最新文章

热门文章