zoukankan      html  css  js  c++  java
  • MySQL Sniffer

    MySQL Sniffer 是360开源的一个基于 MySQL 协议的抓包工具, 能实时抓取客户端端请求,并格式化输出操作语句,操作十分简单。
    对于问题的定位,操作的审核是个不错的利器。

    Github地址:https://github.com/Qihoo360/mysql-sniffer

    安装

    # yum install glib2-devel libpcap-devel libnet-devel
    # unzip mysql-sniffer-master.zip
    # cd mysql-sniffer-master
    # cmake .

    -- Configuring done
    -- Generating done
    -- Build files have been written to: /root/mysql-sniffer-master

    # make

    Scanning dependencies of target mysql-sniffer
    [ 16%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
    [ 33%] Building C object bin/CMakeFiles/mysql-sniffer.dir/mysql-dissector.c.o
    /root/mysql-sniffer-master/src/mysql-dissector.c: In function ‘decode_mysql_lenenc_int’:
    /root/mysql-sniffer-master/src/mysql-dissector.c:112: warning: dereferencing type-punned pointer will break strict-aliasing rules
    [ 50%] Building C object bin/CMakeFiles/mysql-sniffer.dir/util.c.o
    [ 66%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/session.cpp.o
    [ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
    [100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
    Linking CXX executable mysql-sniffer
    [100%] Built target mysql-sniffer

    # cd bin/

    # ls

    CMakeFiles  cmake_install.cmake  Makefile  mysql-sniffer

    参数说明

    参数说明也是简明易懂。

    # ./mysql-sniffer -help
    Usage ./mysql-sniffer [-d] -i eth0 -p 3306,3307,3308 -l /var/log/mysql-sniffer/ -e stderr
             [-d] -i eth0 -r 3000-4000
             -d daemon mode.
             -s how often to split the log file(minute, eg. 1440). if less than 0, split log everyday
             -i interface. Default to eth0
             -p port, default to 3306. Multiple ports should be splited by ','. eg. 3306,3307
                this option has no effect when -f is set.
             -r port range, Don't use -r and -p at the same time
             -l query log DIRECTORY. Make sure that the directory is accessible. Default to stdout.
             -e error log FILENAME or 'stderr'. if set to /dev/null, runtime error will not be recorded
             -f filename. use pcap file instead capturing the network interface
             -w white list. dont capture the port. Multiple ports should be splited by ','.
             -t truncation length. truncate long query if it's longer than specified length. Less than 0 means no truncation
             -n keeping tcp stream count, if not set, default is 65536. if active tcp count is larger than the specified count, mysql-sniffer will remove the oldest one

    示例

    # ./mysql-sniffer -i eth0 -p 3306

    其中,倒数第二列是返回数据的行数。

    2017-03-08 11:00:08     root     192.168.244.20     NULL              0ms              1     select @@version_comment limit 1
    2017-03-08 11:00:08     root     192.168.244.20     NULL              0ms              1     select USER()
    2017-03-08 11:00:10     root     192.168.244.20     NULL              0ms              1     select 1
    2017-03-08 11:01:46     root     192.168.244.20     NULL              0ms              1     SELECT DATABASE()
    2017-03-08 11:01:46     root     192.168.244.20     test             24ms              0     use test
    2017-03-08 11:01:46     root     192.168.244.20     test            172ms             14     show databases
    2017-03-08 11:01:46     root     192.168.244.20     test              0ms             20     show tables
    2017-03-08 11:01:52     root     192.168.244.20     test              0ms             20     show tables
    2017-03-08 11:01:57     root     192.168.244.20     test             58ms              9     select * from test1
    2017-03-08 11:02:17     root     192.168.244.20     test              0ms              1     SELECT DATABASE()
    2017-03-08 11:02:17     root     192.168.244.20     test              0ms              0     use test

    注意

    1. 只能抓取新建的链接,如果是之前创建的链接将获取不到用户名和库名,并有一定几率丢包。

    2. 如果客户端是在本地,如果走的是tcp连接的话,如mysql -h 192.168.244.10 -uroot -p123456,其中192.168.244.10是本地主机ip,
        则只能通过回环地址来捕捉,./mysql-sniffer -i lo -p 3306

    参考

    https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md

  • 相关阅读:
    Android Studio代码自己主动检測错误提示
    uva 1567
    UWP 新手教程2——怎样实现自适应用户界面
    远程服务的使用场景
    本地服务和远程服务
    本地应用调用远程服务中的方法
    混合方式开启服务
    绑定服务抽取接口
    绑定服务调用服务里的方法
    bind绑定服务的生命周期
  • 原文地址:https://www.cnblogs.com/ivictor/p/6518274.html
Copyright © 2011-2022 走看看