评论：用Tcpdump抓取MySQL执行的SQL

来自：联系Q867400

联系Q867400 — Tue, 17 Nov 2009 03:27:41 +0000

骨头博客营销助手,快速让搜索引擎收录,快速提高网站访问量.

来自：大地软件

大地软件 — Fri, 13 Nov 2009 04:24:09 +0000

最近有点忙,很久没有来看看了!

来自：SKON

SKON — Thu, 12 Nov 2009 06:49:22 +0000

你好，我们收PR3-PR5的博客链接，每月给你钱啊，如果你有意向，请联系Q21523

来自：Jimmy

Jimmy — Fri, 06 Nov 2009 03:26:25 +0000

找到原因了，因为-l参数导致的。谢谢~~

-l Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
‘‘tcpdump -l | tee dat’’ or ‘‘tcpdump -l > dat & tail -f dat’’.

来自：Jimmy

Jimmy — Fri, 06 Nov 2009 03:01:31 +0000

我本地连接到外网数据库，执行如下sql，仍然抓不到任何数据。。。。。。
select * from productdata_tab where times like ‘200908′ ;

不知道LZ的tcpdump和libpcap是什么版本的？
[root@monitor ~]# tcpdump -V
tcpdump version 3.8
libpcap version 0.8.3
[root@yz250-207 ~]# tcpdump -V^M
tcpdump version 3.9.4
libpcap version 0.9.4

这两个版本都不行……

来自：Jimmy

Jimmy — Fri, 06 Nov 2009 02:53:33 +0000

[root@monitor ~]# tcpdump -i eth0 -s 0 -l -w – dst port 3306 | strings
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

65 packets captured
65 packets received by filter
0 packets dropped by kernel

[root@monitor ~]# tcpdump -i eth0 -s 0 -l -w – dst port 3306
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

5 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@monitor ~]#

仍然不行……

来自：wubx

wubx — Thu, 05 Nov 2009 14:16:34 +0000

使用方法错了。
使用：
tcpdump -i eth0 -s 0 -l -w – dst port 3306 | strings

这种方法去抓就行了。

来自：Jimmy

Jimmy — Thu, 05 Nov 2009 03:19:08 +0000

waiting for your reply

来自：Jimmy

Jimmy — Thu, 05 Nov 2009 03:18:28 +0000

hello。我按照你的文档，做了一次尝试。没有抓到任何mysql数据……，如下：
[root@monitor ~]# tcpdump -i eth0 -vvv -s 0 dst port 3306
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:41:31.602609 IP (tos 0×0, ttl 125, id 50624, offset 0, flags [DF], proto 6, length: 124) 61.145.225.18.2365 > monitor.mysql: P [tcp sum ok] 2238329135:2238329219(84) ack 4242770225 win 64731
10:41:31.617723 IP (tos 0×0, ttl 125, id 50625, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 1630 win 65535
10:41:31.775732 IP (tos 0×0, ttl 125, id 50627, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2365 > monitor.mysql: . [tcp sum ok] 84:84(0) ack 2434 win 64731
10:42:58.718340 IP (tos 0×0, ttl 125, id 52090, offset 0, flags [DF], proto 6, length: 40) 61.145.225.18.2084 > monitor.mysql: . [tcp sum ok] 4096274445:4096274445(0) ack 2678260501 win 64303