pt-tcp-model

http://blog.9minutesnooze.com/analyzing-http-traffic-tcpdump-perconas-pttcpmodel/

#获取200k个packets
tcpdump -c 200000 -w output.pcap -i any

#获取6009端口
tcpdump -r output.pcap -s 384 -i any -nnq -tttt    'tcp port 6009 and (((ip[2:2] - ((ip[0]&0xf)<<2))

#默认是制定 
#--watch-server    10.10.10.10:3306
#因此需要根据实际情况修改
./pt-tcp-model --watch-server=10.75.xxx.88:6009 ./port6009.txt >request

 http://pan.baidu.com/s/1mgLodeC