Capturing the interaction between a MySQL client and server with tcpdump
1. Start tcpdump
tcpdump -i eth0 -s 3000 port 3306 -w ~/sql.pcap
First, deliberately enter a wrong password
[root@localhost ~]# mysql -h192.168.100.206 -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'192.168.11.201' (using password: YES)
Then enter the correct password, log in, and run a series of operations
[root@localhost ~]# mysql -h192.168.100.206 -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 442447
Server version: 5.5.25-log Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use jwbx;
Database changed
mysql> select * from jwbx_customer limit 10;
Open the sql.pcap file in Wireshark
The login attempt with the wrong password
Request 6 0.001146 192.168.11.201 192.168.100.206 MySQL 128 Login Request user=root
Response 8 0.001636 192.168.100.206 192.168.11.201 MySQL 147 Response Error 1045
Successful login
17 4.953321 192.168.11.201 192.168.100.206 MySQL 128 Login Request user=root
The greeting from the server
15 4.952968 192.168.100.206 192.168.11.201 MySQL 148 Server Greeting proto=10 version=5.5.25-log
Server status
Queries
select @@version_comment limit 1 returns Source distribution
SELECT DATABASE()
USE DataBase returns the database name
The SQL that was executed
Return
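The same method can capture the traffic of an application accessing MySQL, so you can see which SQL statements it executed.
You can also do this without Wireshark, as follows: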
#tcpdump -i any -A -s 3000 port 3306 >~/sql.log
#grep -F "select * from " ~/sql.log|head
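Note: -A prints every packet in ASCII and minimizes the link-layer header. SQL statements sent to the MySQL server are transmitted as ASCII text (on a connection that is not TLS-encrypted), so the -A option lets us read the exact SQL statements that were sent.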
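
The statements are readable in the capture because each client packet is just a 3-byte little-endian length, a sequence id, a command byte, and the statement as plain bytes. The following Python sketch is an added example, not part of the original post: it decodes that framing and the start of the server greeting. The sample bytes are constructed to mirror the session above rather than taken from sql.pcap, and all function names are this example's own.

```python
import struct

# First payload byte of a client packet selects the command (MySQL client/server protocol).
COMMANDS = {0x01: "COM_QUIT", 0x02: "COM_INIT_DB", 0x03: "COM_QUERY"}

def frame(seq, payload):
    """Build one MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload

def split_packets(stream):
    """Split a reassembled TCP payload into (sequence id, payload) pairs."""
    packets, offset = [], 0
    while offset + 4 <= len(stream):
        length = int.from_bytes(stream[offset:offset + 3], "little")
        body = stream[offset + 4:offset + 4 + length]
        if len(body) < length:  # truncated capture (e.g. snaplen too small): stop here
            break
        packets.append((stream[offset + 3], body))
        offset += 4 + length
    return packets

def client_commands(stream):
    """Return (command name, argument text) for each client command packet."""
    out = []
    for _seq, body in split_packets(stream):
        if body:
            name = COMMANDS.get(body[0], "0x%02x" % body[0])
            out.append((name, body[1:].decode("utf-8", "replace")))
    return out

def parse_greeting(body):
    """Parse the start of a protocol-10 greeting: (server version, connection id)."""
    if not body or body[0] != 10:
        raise ValueError("not a protocol 10 greeting")
    end = body.index(b"\x00", 1)  # version is a NUL-terminated string
    conn_id = struct.unpack_from("<I", body, end + 1)[0]
    return body[1:end].decode("ascii"), conn_id

# Constructed sample bytes (not from sql.pcap), mirroring the session shown above.
SAMPLE_CLIENT = b"".join(frame(0, bytes([cmd]) + arg) for cmd, arg in [
    (0x03, b"select @@version_comment limit 1"),
    (0x03, b"SELECT DATABASE()"),
    (0x02, b"jwbx"),
    (0x03, b"select * from jwbx_customer limit 10"),
])
SAMPLE_GREETING = b"\x0a5.5.25-log\x00" + struct.pack("<I", 442447)  # greeting prefix only

if __name__ == "__main__":
    print(parse_greeting(SAMPLE_GREETING), client_commands(SAMPLE_CLIENT))
```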