监视MySQL连接和请求
监视MySQL连接和请求
提问于 2020-01-21 16:54:37
我试图监视到mysql数据库的所有传入连接。我用过
tcpdump port 3306 and '(tcp-syn|tcp-ack)!=0'目前哪种方式显示连接,但是否也有方法查看它正在发送/接收什么?
目前我看到:
11:45:43.275498 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-21-17.ec2.internal.35522: Flags [.], ack 1780, win 248, options [nop,nop,TS val 2559781727 ecr 625071366], length 0
11:45:43.277761 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-21-17.ec2.internal.35522: Flags [P.], seq 519:538, ack 1780, win 248, options [nop,nop,TS val 2559781729 ecr 625071366], length 19
11:45:43.277799 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-41-109.ec2.internal.60718: Flags [P.], seq 32662:32900, ack 1, win 219, options [nop,nop,TS val 2559781729 ecr 2559505629], length 238
11:45:43.278331 IP ip-10-0-41-109.ec2.internal.60718 > ip-10-0-40-123.ec2.internal.mysql: Flags [.], ack 32900, win 24565, options [nop,nop,TS val 2559505675 ecr 2559781729], length 0
11:45:43.278345 IP ip-10-0-21-17.ec2.internal.35522 > ip-10-0-40-123.ec2.internal.mysql: Flags [P.], seq 1780:1989, ack 538, win 211, options [nop,nop,TS val 625071368 ecr 2559781729], length 209
11:45:43.280364 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-21-17.ec2.internal.35522: Flags [P.], seq 538:596, ack 1989, win 258, options [nop,nop,TS val 2559781732 ecr 625071368], length 58
11:45:43.280375 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-41-109.ec2.internal.60718: Flags [P.], seq 32900:33171, ack 1, win 219, options [nop,nop,TS val 2559781732 ecr 2559505675], length 271
11:45:43.280971 IP ip-10-0-21-17.ec2.internal.35522 > ip-10-0-40-123.ec2.internal.mysql: Flags [P.], seq 1989:1994, ack 596, win 211, options [nop,nop,TS val 625071371 ecr 2559781732], length 5
11:45:43.280983 IP ip-10-0-21-17.ec2.internal.35522 > ip-10-0-40-123.ec2.internal.mysql: Flags [F.], seq 1994, ack 596, win 211, options [nop,nop,TS val 625071371 ecr 2559781732], length 0
11:45:43.281003 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-21-17.ec2.internal.35522: Flags [F.], seq 596, ack 1995, win 258, options [nop,nop,TS val 2559781733 ecr 625071371], length 0
11:45:43.281011 IP ip-10-0-41-109.ec2.internal.60718 > ip-10-0-40-123.ec2.internal.mysql: Flags [.], ack 33171, win 24565, options [nop,nop,TS val 2559505677 ecr 2559781732], length 0
11:45:43.281553 IP ip-10-0-21-17.ec2.internal.35522 > ip-10-0-40-123.ec2.internal.mysql: Flags [.], ack 597, win 211, options [nop,nop,TS val 625071372 ecr 2559781733], length 0我希望有这样的东西:
11:45:43.281011 IP ip-10-0-41-109.ec2.internal.60718 > ip-10-0-40-123.ec2.internal.mysql: Flags [.], ack 33171, win 24565, options [nop,nop,TS val 2559505677 ecr 2559781732], length 0 'select userid from users where email = 'example@example.com''
11:45:43.277799 IP ip-10-0-40-123.ec2.internal.mysql > ip-10-0-41-109.ec2.internal.60718: Flags [P.], seq 32662:32900, ack 1, win 219, options [nop,nop,TS val 2559781729 ecr 2559505629], length 238 '1234',其中最后一个值是DB正在处理/返回的值。
回答 1
Server Fault用户
回答已采纳
发布于 2020-01-21 23:33:11
如果我理解得对,你想要的是看到通信中发送的有效载荷。
我不知道客户机和mySQL服务器之间的通信是否加密,但如果不是,您可以向tcdump命令添加更多参数。
试一试这种东西
tcpdump -vv port 3306 and '(tcp-syn|tcp-ack)!=0' -nnttttA这将显示ASCII中的有效载荷。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/999807
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号