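#!/bin/bash
# Print the SQL statements arriving at a MySQL server port, one statement
# per line, by sniffing the wire and pulling the printable text out of the
# raw packets.
#
# Requirements / caveats:
#   - needs packet-capture privilege on the host (root or CAP_NET_RAW);
#   - only cleartext sessions are visible (TLS-protected traffic yields no
#     query text);
#   - strings(1) keeps printable runs of 4+ bytes by default, so very short
#     tokens may be dropped from a statement;
#   - the output is the literal query text, which may include credentials
#     or personal data embedded in statements — handle it as sensitive.
#
# Environment:
#   IFACE  interface to listen on (default: eth0)
#   PORT   server port to match   (default: 3306)
set -uo pipefail

iface=${IFACE:-eth0}
port=${PORT:-3306}

# -s 0   : capture whole packets, not just headers
# -U     : packet-buffered output — flush each packet to stdout as it is
#          written (the text-oriented -l line-buffering is meaningless for
#          the binary pcap stream produced by -w -)
# -w -   : emit raw pcap on stdout so strings(1) can scan the payloads
# The perl filter joins continuation lines onto the statement they belong
# to and drops lines that are a single bare token (protocol noise).
tcpdump -i "$iface" -s 0 -U -w - dst port "$port" | strings | perl -e '
while (<>) {
    chomp;
    next if /^[^ ]+[ ]*$/;           # single token on the line: not query text
    if (/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)/i) {
        print "$q\n" if defined $q;  # a new statement starts: flush the previous one
        $q = $_;
    } else {
        s/^[ \t]+//;                 # continuation line: append to the current statement
        $q .= " $_";
    }
}
print "$q\n" if defined $q;          # flush the final statement when the capture ends
'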
骨头博客营销助手,快速让搜索引擎收录,快速提高网站访问量.
最近有点忙,很久没有来看看了!
你好,我们收PR3-PR5的博客链接,每月给你钱啊,如果你有意向,请联系Q21523
找到原因了,因为-l参数导致的。谢谢~~
-l Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.
我本地连接到外网数据库,执行如下sql,仍然抓不到任何数据。。。。。。
select * from productdata_tab where times like '200908' ;
不知道LZ的tcpdump和libpcap是什么版本的?
[root@monitor ~]# tcpdump -V
tcpdump version 3.8
libpcap version 0.8.3
[root@yz250-207 ~]# tcpdump -V
tcpdump version 3.9.4
libpcap version 0.9.4
这两个版本都不行……
[root@monitor ~]# tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
65 packets captured
65 packets received by filter
0 packets dropped by kernel
[root@monitor ~]# tcpdump -i eth0 -s 0 -l -w - dst port 3306
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
5 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@monitor ~]#
仍然不行……
使用方法错了。
使用:
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings
这种方法去抓就行了。
hello。我按照你的文档,做了一次尝试。没有抓到任何mysql数据……,如下:
[root@monitor ~]# tcpdump -i eth0 -vvv -s 0 dst port 3306
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:41:31.602609 IP (tos 0x0, ttl 125, id 50624, offset 0, flags [DF], proto 6, length: 124) 61.145.225.18.2365 > monitor.mysql: P [tcp sum ok] 2238329135:2238329219(84) ack 4242770225 win 64731
10:41:31.617723 IP (tos 0x0, ttl 125, id 50625, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 1630 win 65535
10:41:31.775732 IP (tos 0x0, ttl 125, id 50627, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 2434 win 64731
10:42:58.718340 IP (tos 0x0, ttl 125, id 52090, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2084 > monitor.mysql: . [tcp sum ok] 4096274445:4096274445(0) ack 2678260501 win 64303