Capturing executed MySQL statements with tcpdump

Source: Internet
Author: User

I. Environment description

192.168.1.116:3320 MySQL instance
192.168.1.118 current host
em2 is the intranet interface and em1 is the Internet-facing interface.

II. Command examples
1. Capture the SQL sent from the current host to the database instance at 192.168.1.116 on port 3320, and print the statements that match the filter in real time. Press Ctrl+C to stop the capture.
tcpdump -i em2 -s 0 -l -w - dst 192.168.1.116 and port 3320 | strings | grep -i -E 'select|update|insert|delete|set'
2. Limit the capture to a given number of packets with -c.
tcpdump -i em2 -s 0 -l -c 10000 -w - dst 192.168.1.116 and port 3320 | strings | grep -i -E 'select|update|insert|delete|set'
3. Do the same on 192.168.1.116 itself.
tcpdump -i em2 -c 2000 -w - dst port 3320 | strings | grep -i -E 'select|update|insert|delete|set'
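4. Combine tcpdump with perl.
tcpdump -i em2 -s 0 -w - dst port 3320 | strings | perl -e '
while (<>) {
  chomp;
  # skip lines made of a single token with no spaces (protocol noise)
  next if /^[^ ]+[ ]*$/;
  if (/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)/i) {
    # a new statement starts: print the previous one
    if (defined $q) { print "$q\n"; }
    $q = $_;
  } else {
    # continuation line: strip leading whitespace and append it
    $_ =~ s/^[ \t]+//; $q .= " $_";
  }
}
# print the last statement once the capture ends
print "$q\n" if defined $q;'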
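
An added example, not part of the original article: the strings | grep pipelines above match any printable run in a packet, whereas the MySQL client protocol frames each statement as a COM_QUERY packet that can be parsed exactly, multi-line statements included. It assumes a plaintext, uncompressed connection without query attributes and takes the reassembled client-to-server TCP payload as input; extract_queries, frame and SAMPLE are names made up for this example, and the sample bytes are constructed.

```python
COM_INIT_DB = 0x02        # "USE db", carries no statement text
COM_QUERY = 0x03          # text-protocol statement
COM_STMT_PREPARE = 0x16   # text of a server-side prepared statement


def extract_queries(stream: bytes):
    """Return SQL text from MySQL client packets in a reassembled TCP payload.

    Each packet is: 3-byte little-endian payload length, 1-byte sequence id,
    then the payload, whose first byte is the command code.
    Assumption: plaintext, uncompressed connection without query attributes.
    """
    queries, offset = [], 0
    while offset + 4 <= len(stream):
        length = int.from_bytes(stream[offset:offset + 3], "little")
        seq = stream[offset + 3]
        payload = stream[offset + 4:offset + 4 + length]
        if len(payload) < length:
            break  # packet truncated by the capture; stop rather than guess
        offset += 4 + length
        # A new client command always starts at sequence id 0.
        if seq == 0 and length > 1 and payload[0] in (COM_QUERY, COM_STMT_PREPARE):
            queries.append(payload[1:].decode("utf-8", errors="replace"))
    return queries


def frame(command: int, body: bytes, seq: int = 0) -> bytes:
    """Build one client packet (hypothetical helper, only for the sample)."""
    payload = bytes([command]) + body
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample: three client commands as they would appear on the wire.
SAMPLE = (
    frame(COM_INIT_DB, b"shop")
    + frame(COM_QUERY, b"SELECT id,\n  name FROM users WHERE id = 7")
    + frame(COM_QUERY, b"UPDATE users SET name = 'set' WHERE id = 7")
)

if __name__ == "__main__":
    for sql in extract_queries(SAMPLE):
        print(" ".join(sql.split()))  # collapse whitespace for one-line output
```

With TLS enabled between client and server the payload is ciphertext, and neither this parser nor the strings pipeline recovers readable SQL.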

III. tcpdump usage
1. tcpdump is a command-line tool. Its command format is:
tcpdump [-adeflnNOpqStvx] [-c count] [-F file]
        [-i interface] [-r file] [-s snaplen]
        [-T type] [-w file] [expression]
2. Introduction to tcpdump options
-a converts network and broadcast addresses into names;
-d prints the compiled packet-matching code in a human-readable assembly format;
-dd prints the packet-matching code as a C program fragment;
-ddd prints the packet-matching code in decimal format;
-e prints the data link layer header on each output line;
-f prints Internet addresses numerically;
-l makes standard output line-buffered;
-n does not convert network addresses into names;
-t does not print a timestamp on each output line;
-v outputs slightly more detailed information; for example, IP packets can include TTL and type-of-service information;
-vv outputs detailed packet information;
-c stops tcpdump after the specified number of packets has been received;
-F reads the filter expression from the specified file and ignores any other expression;
-i specifies the network interface to listen on;
-r reads packets from the specified file (these packets are generally produced with the -w option);
-w writes the packets directly to a file without analysing or printing them;
-T interprets the captured packets as the specified type. Common types include rpc (remote procedure call) and snmp (Simple Network Management Protocol).
