tcpdump basic usage
What is tcpdump
Tcpdump prints out the headers of packets on a network interface that match the boolean expression.
Common options
-w writes the captured packets to a file; -r reads packets back from the specified file instead of from an interface
-c exits automatically after receiving the specified number of packets
-i the network interface to listen on
-n do not resolve addresses (hosts, ports) to names
-s the number of bytes to keep of each packet (the snaplen); the scripts below pass -s 0 or -s 65535 so that packet payloads are not truncated
Type qualifiers
host (default) / net / port
Direction qualifiers
src / dst / src or dst (default) / src and dst
Protocol qualifiers
fddi / ip / arp / rarp / tcp / udp
Logical operators
negation: not or !
conjunction: and or &&
disjunction: or or ||
Concrete syntax
Capture the traffic between host A and either B or C
tcpdump host A and \(B or C\)
Capture all IP traffic of host A except the traffic with B
tcpdump ip host A and not B
Capture the telnet packets received by host A
tcpdump tcp port 23 and dst host A
Parentheses and ! are special to the shell, so either escape them as above or quote the whole expression, e.g. tcpdump 'host A and (B or C)'. Primitives must be joined by an operator: tcpdump tcp port 23 dst host A, without the and, is rejected as a syntax error.
Cases
Case 1: automatically catching a long-running (blocking) transaction from a shell script and tracing it with tcpdump
#!/bin/bash
# Begin by deleting things more than 7 days old
find /root/tcpdumps/ -type f -mtime +7 -exec rm -f '{}' \;
# Bail out if the disk is more than this %full.
PCT_THRESHOLD=95
# Bail out if the disk has less than this many MB free.
MB_THRESHOLD=100
# Make sure the disk isn't getting too full.
avail=$(df -m -P /root/tcpdumps/ | awk '/^\//{print $4}')
full=$(df -m -P /root/tcpdumps/ | awk '/^\//{print $5}' | sed -e 's/%//g')
if [ "${avail}" -le "${MB_THRESHOLD}" ] || [ "${full}" -ge "${PCT_THRESHOLD}" ]; then
    echo "Exiting, not enough free space (${full}%, ${avail}MB free)" >&2
    exit 1
fi
# Find the client connection (PROCESSLIST.HOST is "address:port") whose transaction is blocking others.
host=$(mysql -ss -e 'SELECT p.HOST FROM information_schema.innodb_lock_waits w INNER JOIN information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_id INNER JOIN information_schema.processlist p ON b.trx_mysql_thread_id = p.ID LIMIT 1')
if [ "${host}" ]; then
    echo "Host ${host} is blocking"
    # The client's source port identifies that one connection on the wire. A connection
    # through the Unix socket shows up as "localhost" with no port and cannot be captured this way.
    port=$(echo "${host}" | cut -s -d: -f2)
    if [ -z "${port}" ]; then
        echo "Blocking connection ${host} has no TCP port, nothing to capture" >&2
        exit 1
    fi
    now=$(date +%s)
    tcpdump -i eth0 -s 65535 -x -nn -q -tttt port 3306 and port "${port}" > "/root/tcpdumps/${now}-tcpdump" &
    pid=$!    # read $! immediately after backgrounding tcpdump, before any other command
    # SHOW INNODB STATUS was removed in MySQL 5.5; SHOW ENGINE INNODB STATUS is the current form.
    mysql -e 'SHOW ENGINE INNODB STATUS\G SHOW FULL PROCESSLIST' > "/root/tcpdumps/${now}-innodbstatus"
    sleep 30
    kill "${pid}"
fi
Source: http://www.mysqlperformanceblog.com/2011/03/08/how-to-debug-long-running-transactions-in-mysql/
Case 2: capturing the SQL that MySQL executes with tcpdump
Note that -i lo only sees clients that connect over TCP to 127.0.0.1; connections through the Unix socket never pass over the loopback interface and are invisible to this script.
#!/bin/bash
# This script monitors MySQL network traffic and echoes the SQL statements it sees.
# -s 0: keep whole packets; -l: line-buffered output; -w -: write raw pcap to stdout,
# from which `strings` pulls the printable query text out of the COM_QUERY packets.
sudo tcpdump -i lo -s 0 -l -w - dst port 3306 | strings | perl -e '
while (<>) {
    chomp;
    # Skip single-token lines left over from strings (this also drops a bare COMMIT or ROLLBACK).
    next if /^[^ ]+[ ]*$/;
    if (/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER)/i) {
        print "$q\n" if defined $q;   # a new statement starts: flush the previous one
        $q = $_;
    } else {
        s/^[ \t]+//;                  # continuation line: append it to the current statement
        $q .= " $_";
    }
}
print "$q\n" if defined $q;           # flush the last statement at end of input
'
Below is the output of running the script:
SELECT b.id FROM module as a,rights as b where a.id=b.module_id and b.sid='179' and a.pname like 'vip/member_order_manage.php%'
SELECT count(id) as cc,sum(cash) as total from morder_stat_all where (ymd BETWEEN '1312214400' and '1312336486') and depart_id=5 and order_class=2
select id,name from media where symd='0000-00-00'
select id,name from depart where s_flag=' ' and noff=1 order by sno
select id,name from plank where depart_id=5 and noff=1 order by no
select id,name from grp where plank_id=0 and noff=1 order by no
select id,CONCAT(pname,'-',name) as name from pvc order by pname
select id,CONCAT(no,'-',name) as name from local where pvc_id=0 order by no
select id,name from product_breed
select color_name from product_color where id=5
select id,name from product where id = '0'
The capture can also be opened in Wireshark for graphical protocol dissection.
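The three filter expressions under "Concrete syntax" and the SQL-sniffing script of case 2 are, at bottom, the same thing: parse each captured packet, then apply a predicate to it. The block below is an added example (not code from the original post, from Percona, or from tcpdump itself) that does both in pure Python: it reads a pcap file in the format tcpdump -w writes, applies predicates with the semantics of host / dst host / port / dst port and and / or / not, and decodes MySQL COM_QUERY packets from the protocol framing instead of guessing at `strings` output. Assumptions: Ethernet/IPv4/TCP only, no checksum validation, the addresses 10.0.0.1 to 10.0.0.4 and SAMPLE_PCAP are constructed test data, and the helper names (build_frame, capture, sql_seen_by and so on) belong to this example only.

```python
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport payload")

# Building a capture. These frames are constructed test data; a real capture
# comes from `tcpdump -w file`. IP/TCP checksums are left at zero.
def build_frame(src, dst, sport, dport, payload):
    eth = b"\x00" * 12 + b"\x08\x00"                  # dst/src MAC, EtherType = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    return hdr + b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f
                          for i, f in enumerate(frames))

# Reading a capture back: pcap record headers, then Ethernet / IPv4 / TCP.
def parse_frame(frame):
    """Return a Packet for IPv4/TCP frames, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:                                     # IP protocol 6 = TCP
        return None
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                          # TCP header length in bytes
    addr = lambda b: ".".join(str(x) for x in b)
    return Packet(addr(ip[12:16]), addr(ip[16:20]), sport, dport, tcp[doff:])

def parse_pcap(data):
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off, pkts = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        pkt = parse_frame(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        if pkt is not None:
            pkts.append(pkt)
    return pkts

# Filter primitives with the semantics of tcpdump's host/port qualifiers and
# the and/or/not operators from the text (dst_* are the direction qualifiers).
def host(a):     return lambda p: a in (p.src, p.dst)
def dst_host(a): return lambda p: p.dst == a
def port(n):     return lambda p: n in (p.sport, p.dport)
def dst_port(n): return lambda p: p.dport == n
def and_(*fs):   return lambda p: all(f(p) for f in fs)
def or_(*fs):    return lambda p: any(f(p) for f in fs)
def not_(f):     return lambda p: not f(p)

def capture(data, pred):
    return [p for p in parse_pcap(data) if pred(p)]

# MySQL client->server framing: 3-byte little-endian length, 1-byte sequence id,
# then the body. A COM_QUERY body is the command byte 0x03 followed by the SQL text.
def com_query(sql):
    body = b"\x03" + sql.encode()
    return len(body).to_bytes(3, "little") + b"\x00" + body

def mysql_queries(payload):
    """Decode every COM_QUERY in one TCP payload; stops at a truncated packet."""
    out, off = [], 0
    while off + 4 <= len(payload):
        length = int.from_bytes(payload[off:off + 3], "little")
        body = payload[off + 4:off + 4 + length]
        if len(body) < length:
            break                                      # cut by snaplen or split across segments
        if body[:1] == b"\x03":
            out.append(body[1:].decode("utf-8", "replace"))
        off += 4 + length
    return out

# Constructed sample: A is a MySQL client, B the server, C a telnet client, D a web server.
A, B, C, D = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"
SAMPLE_PCAP = build_pcap([
    build_frame(A, B, 40000, 3306, com_query("SELECT id,name FROM product WHERE id = '0'")),
    build_frame(B, A, 3306, 40000, b"\x07\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"),  # server OK packet
    build_frame(C, A, 50000, 23, b"login: "),
    build_frame(A, D, 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame(A, B, 40000, 3306, com_query("UPDATE product SET name='x'\nWHERE id=1")),
])

def sql_seen_by(data):
    """What `tcpdump dst port 3306` carries, decoded from the protocol rather than `strings`."""
    return [q for p in capture(data, dst_port(3306)) for q in mysql_queries(p.payload)]
```

Against SAMPLE_PCAP, `capture(SAMPLE_PCAP, and_(host(A), or_(host(B), host(C))))` matches four frames (the same set as tcpdump host A and \(B or C\)), `and_(host(A), not_(host(B)))` matches two, `and_(port(23), dst_host(A))` matches only the telnet frame, and `sql_seen_by` returns both statements intact, including the one that spans a newline. To use it on a real file, pass `open("capture.pcap", "rb").read()` to capture. Two limits matter in practice: a COM_QUERY longer than the snaplen is truncated and skipped (which is why both scripts above pass -s 0 or -s 65535), and a query split across TCP segments would need stream reassembly, which this example does not do.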
From the ITPUB blog, link: http://blog.itpub.net/15480802/viewspace-757723/. Please cite the source when republishing; otherwise legal action will be pursued.