TShark: Difference between revisions
From Lolly's Wiki
No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
# IFACE=eth0 ; tshark -i ${IFACE} -d tcp.port==3306,mysql -R "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306' | # IFACE=eth0 ; tshark -i ${IFACE} -d tcp.port==3306,mysql -R "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306' | ||
</source> | </source> | ||
The little awk magic selects only pakets which are from our ethernet address on interface | The little awk magic selects only pakets which are from our ethernet address on interface ''IFACE''. |
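Review bot: the reworded sentence still says the filter selects packets "from our ethernet address", but the command on the line above filters on eth.addr, which matches the address as either source or destination, so frames sent to this host pass as well. Say "to or from our ethernet address", or use eth.src in the filter if only outgoing frames are meant. The typo "pakets" is also carried over unchanged and should read "packets".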
Revision as of 08:01, 2 October 2015
Category:MySQL Category:Security
TShark
TShark is the terminal-based version of Wireshark.
It is the ultimate tool for sniffing network traffic when you have no X, and it analyzes the traffic the same way Wireshark does. Great tool!
MySQL traffic
To watch MySQL traffic on an application server, you can use this line:
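# IFACE=eth0 ; tshark -i ${IFACE} -d tcp.port==3306,mysql -Y "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306'
The little awk magic reads the Ethernet address of interface IFACE, so that the display filter selects only packets that carry our own Ethernet address (eth.addr matches it as source or destination).
The display filter is passed with -Y, which is the option for it in tshark 1.10 and later; older versions, which have no -Y, take the same filter with -R.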
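The same capture as a small script, added here as an example and not part of the original wiki page: it checks that the awk step really produced a MAC address before starting tshark, because an interface without a link/ether line would otherwise leave the filter as the incomplete expression "eth.addr eq ". The function names and the sample `ip link` output are made up for this example, and it uses -Y, the display-filter option of tshark 1.10 and later.

```shell
#!/bin/sh
# Added example: helper names and sample data are hypothetical.

# Constructed sample `ip link show` output (not captured from a real host).
SAMPLE_ETH0='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff'
SAMPLE_LO='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00'

# Read `ip link show IFACE` text on stdin and print the MAC address.
# Uses the same awk match as the one-liner; grep -x rejects anything that
# is not exactly a MAC, so the status is non-zero when no link/ether
# line exists (loopback, tun, a mistyped interface name).
mac_from_ip_link() {
    awk '$1 ~ /link\/ether/ { print tolower($2); exit }' |
        grep -Ex '([0-9a-f]{2}:){5}[0-9a-f]{2}'
}

# Build the tshark display filter from `ip link` text on stdin.
mysql_display_filter() {
    local mac
    mac=$(mac_from_ip_link) || return 1
    printf 'eth.addr eq %s' "$mac"
}

# Print MySQL queries seen on IFACE (needs tshark and capture privileges).
sniff_mysql_queries() {
    local iface=${1:-eth0} filter
    if ! filter=$(ip link show "$iface" | mysql_display_filter); then
        echo "no Ethernet address on $iface, not starting tshark" >&2
        return 1
    fi
    tshark -i "$iface" -d tcp.port==3306,mysql -Y "$filter" \
        -T fields -e mysql.query 'port 3306'
}
```

After sourcing the file, `sniff_mysql_queries eth0` starts the capture.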