Capturing the SQL executed by MySQL with Tcpdump

#!/bin/bash
# Capture client->server traffic to MySQL (port 3306), pull the printable
# strings out of the raw packets and re-join SQL statements split across lines.
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | perl -e '
while (<>) {
    chomp;
    next if /^[^ ]+[ ]*$/;          # a single token on a line is never a statement
    if (/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)/i) {
        if (defined $q) { print "$q\n"; }   # flush the previous statement
        $q = $_;
    } else {
        $_ =~ s/^[ \t]+//;          # continuation line: strip leading whitespace
        $q .= " $_";
    }
}
print "$q\n" if defined $q;         # flush the last statement at end of input
'
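The `strings` approach above works because the query text is sent in clear text, but it also picks up every other printable byte in the packet. A more reliable way is to decode the MySQL client protocol itself: each client packet is a 3-byte little-endian payload length, a 1-byte sequence id and the payload, and a COM_QUERY payload is the command byte 0x03 followed by the raw SQL. The following is an added example, not code from the original post: it parses a client-to-server byte stream into packets, extracts the SQL from COM_QUERY and COM_STMT_PREPARE packets, normalises whitespace the way the perl script does, and stops cleanly on a packet truncated at the end of the capture. The sample stream, the command constants and the helper names are constructed for the example.

```python
import re
from typing import Iterator, List, Optional, Tuple

# MySQL client command bytes (first byte of a client packet payload).
COM_QUIT = 0x01
COM_INIT_DB = 0x02
COM_QUERY = 0x03
COM_STMT_PREPARE = 0x16

MAX_PACKET_PAYLOAD = 0xFFFFFF  # a payload of exactly this size continues in the next packet

# Same statement keywords the post's perl one-liner looks for.
STATEMENT_RE = re.compile(
    r"^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)\b", re.I
)


def mysql_packets(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Split a client->server TCP byte stream into (sequence_id, payload) MySQL packets.

    Wire format: 3-byte little-endian payload length, 1-byte sequence id, payload.
    A truncated trailing packet (capture cut off mid-packet) is dropped, not misparsed.
    """
    offset = 0
    pending = b""
    while offset + 4 <= len(stream):
        length = int.from_bytes(stream[offset:offset + 3], "little")
        seq = stream[offset + 3]
        end = offset + 4 + length
        if end > len(stream):
            break  # incomplete packet at the end of the capture
        pending += stream[offset + 4:end]
        offset = end
        if length == MAX_PACKET_PAYLOAD:
            continue  # multi-packet payload: keep accumulating
        yield seq, pending
        pending = b""


def extract_queries(stream: bytes) -> List[str]:
    """Return the SQL text of every COM_QUERY / COM_STMT_PREPARE packet, whitespace-normalised."""
    queries = []
    for _seq, payload in mysql_packets(stream):
        if payload and payload[0] in (COM_QUERY, COM_STMT_PREPARE):
            text = payload[1:].decode("utf-8", errors="replace")
            queries.append(" ".join(text.split()))  # join continuation lines like the perl script
    return queries


def statement_kind(sql: str) -> Optional[str]:
    """Leading statement keyword in upper case, or None if it is not one we track."""
    m = STATEMENT_RE.match(sql)
    return m.group(1).upper() if m else None


def build_packet(seq: int, payload: bytes) -> bytes:
    """Encode one MySQL packet; used here only to construct sample input."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample stream: what a client sends after the handshake, followed by
# a packet whose header claims 16 bytes but only 7 are present (cut-off capture).
SAMPLE_STREAM = (
    build_packet(0, bytes([COM_INIT_DB]) + b"shop")
    + build_packet(0, bytes([COM_QUERY]) + b"select * from productdata_tab where times like '200908'")
    + build_packet(0, bytes([COM_QUERY]) + b"UPDATE productdata_tab\n   SET times = '200909'\n WHERE id = 7")
    + build_packet(0, bytes([COM_QUIT]))
    + b"\x10\x00\x00\x00" + bytes([COM_QUERY]) + b"SELECT"
)

if __name__ == "__main__":
    for sql in extract_queries(SAMPLE_STREAM):
        print(f"{statement_kind(sql) or '?':8s} {sql}")
```

To use this on a real capture, reassemble the client-to-server side of each TCP connection from the pcap written by `tcpdump -w` (any pcap library will do) and feed those bytes to `extract_queries`; connections using TLS carry no readable packets, so an empty result on a busy server is itself worth checking. Note that the sequence id restarts at 0 for every command, which is why a plain text search cannot tell where one statement ends and the next begins.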

8 thoughts on "Capturing the SQL executed by MySQL with Tcpdump"

  1. Bone Blog marketing assistant: get indexed by search engines fast and boost your site traffic fast.

  2. Hi, we buy PR3-PR5 blog links and pay you monthly. If you are interested, please contact Q21523

  3. Found the cause: it was the -l parameter. Thanks~~

    -l Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
    "tcpdump -l | tee dat" or "tcpdump -l > dat & tail -f dat".

  4. I connected from my local machine to an external database and ran the following SQL, but still could not capture any data......
    select * from productdata_tab where times like '200908' ;

    Which versions of tcpdump and libpcap is the OP using?
    [root@monitor ~]# tcpdump -V
    tcpdump version 3.8
    libpcap version 0.8.3
    [root@yz250-207 ~]# tcpdump -V
    tcpdump version 3.9.4
    libpcap version 0.9.4

    Neither of these versions works......

  5. [root@monitor ~]# tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

    65 packets captured
    65 packets received by filter
    0 packets dropped by kernel

    [root@monitor ~]# tcpdump -i eth0 -s 0 -l -w - dst port 3306
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

    5 packets captured
    5 packets received by filter
    0 packets dropped by kernel
    [root@monitor ~]#

    Still doesn't work......

  6. You are using it wrong.
    Use:
    tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings

    Capture it this way and it will work.

  7. Hello. I gave it a try following your post and did not capture any MySQL data..., as follows:
    [root@monitor ~]# tcpdump -i eth0 -vvv -s 0 dst port 3306
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    10:41:31.602609 IP (tos 0x0, ttl 125, id 50624, offset 0, flags [DF], proto 6, length: 124) 61.145.225.18.2365 > monitor.mysql: P [tcp sum ok] 2238329135:2238329219(84) ack 4242770225 win 64731
    10:41:31.617723 IP (tos 0x0, ttl 125, id 50625, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 1630 win 65535
    10:41:31.775732 IP (tos 0x0, ttl 125, id 50627, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 2434 win 64731
    10:42:58.718340 IP (tos 0x0, ttl 125, id 52090, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2084 > monitor.mysql: . [tcp sum ok] 4096274445:4096274445(0) ack 2678260501 win 64303
