抓包工具tcpdump的使用,抓取具体的sql语句
[root@test7_chat_api_im ~]# tcpdump -s -l -w - dst 106.75.74.38 and port |strings
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size bytes SELECT refresh FROM tbl_device where device = 'H0001'K SELECT refresh FROM tbl_device where device = 'A0001'K
jKJ&
call sp_get_log_db_rs('OC')K
call sp_get_log_db_rs('OK')K
jKJ&
SELECT refresh FROM tbl_device where device = 'B0001'K
1e{"server":"106.75.74.38","port":,"dbname":"yunva-log","user":"root","pwd":"pass"}
centos6.9
1.安装依赖
yum install -y cmake libpcap-devel glib2-devel libnet-devel
2.获取mysql-sniffer代码并编译
git clone https://github.com/Qihoo360/mysql-sniffer
cd mysql-sniffer
mkdir proj
cd proj
cmake ../
make
cd bin/
# 启动监听
# ./mysql-sniffer -i eth0 -p 3306 -e stderr
说明:
1.必须要带-e才能输出日志
-e stderr
2.通过工具navicat不论是直连还是通过ssh跳转都不能抓到sql,只看到报错的信息
3.通过其他linux直接mysql连接就可以抓到语句
通过tcpdump进行抓包
# tcpdump -s 0 -l -w - dst 10.11.0.211 and port 3306 |strings