抓包工具tcpdump的使用,抓取具體的sql語句 [root@test7_chat_api_im ~]# tcpdump -s 0 -l -w - dst 106.75.74.38 and port 3306 |strings tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes SELECT refresh FROM tbl_device where device = 'H0001'K SELECT refresh FROM tbl_device where device = 'A0001'K jKJ& call sp_get_log_db_rs('OC')K call sp_get_log_db_rs('OK')K jKJ& SELECT refresh FROM tbl_device where device = 'B0001'K 1e{"server":"106.75.74.38","port":3306,"dbname":"yunva-log","user":"root","pwd":"pass"}
centos6.9
1.安裝依賴
yum install -y cmake libpcap-devel glib2-devel libnet-develmysql
2.獲取mysql-sniffer代碼並編譯
git clone https://github.com/Qihoo360/mysql-sniffer
cd mysql-sniffer
mkdir proj
cd proj
cmake ../
make
cd bin/linux
# 啓動監聽
# ./mysql-sniffer -i eth0 -p 3306 -e stderrgit
說明:
1.必需要帶-e才能輸出日誌
-e stderrgithub
2.經過工具navicat不管是直連仍是經過ssh跳轉都不能抓到sql,只看到報錯的信息sql
3.經過其餘linux直接mysql鏈接就能夠抓到語句centos
經過tcpdump進行抓包api
# tcpdump -s 0 -l -w - dst 10.11.0.211 and port 3306 |stringsssh