TShark: Difference between revisions

From Lolly's Wiki
(The page was newly created: „Kategorie:MySQL Kategorie:Security =TShark= [https://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html TShark is the terminal based wiresha…“)
 
No edit summary
Line 8: Line 8:


==MySQL traffic==
==MySQL traffic==
The little awk-magic selects only pakets which are from our ethernet address.
To look on an application server for MySQL traffic you can use this line:
<source lang=bash>
<source lang=bash>
# IFACE=eth0 ; tshark -i ${IFACE} -aduration:60 -d tcp.port==3306,mysql -R "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306'
# IFACE=eth0 ; tshark -i ${IFACE} -d tcp.port==3306,mysql -R "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306'
</source>
</source>
The little awk magic selects only pakets which are from our ethernet address on interface '''IFACE'''.
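Review bot: the revised command line drops `-aduration:60` without saying so, so the capture now runs until it is interrupted instead of stopping after 60 seconds; either keep the limit or state in the text that the capture has to be stopped by hand. Both versions also pass the filter with `-R`, which current tshark releases only accept together with `-2`; for a live single-pass capture the display filter belongs under `-Y`. The moved sentence says the filter selects packets "from" our address, but `eth.addr` matches source or destination (`eth.src` would restrict it to sent frames), and "pakets" should read "packets".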

Revision as of 09:00, 2 October 2015

Kategorie:MySQL Kategorie:Security

TShark

TShark is the terminal-based Wireshark.

It is the ultimate tool for sniffing network traffic when you have no X, and it analyzes the traffic the same way Wireshark does. Great tool!

MySQL traffic

To watch MySQL traffic on an application server, you can use this line:

# IFACE=eth0 ; tshark -i ${IFACE} -d tcp.port==3306,mysql -Y "eth.addr eq $(ip link show ${IFACE} | awk '$1 ~ /link\/ether/{print $2}')" -T fields -e mysql.query 'port 3306'

The little awk magic selects only packets which are from our Ethernet address on interface IFACE.
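One way to work with what this command prints, as an added example that is not part of the wiki page: `mac_filter` reuses the page's awk expression to build the filter string, and `summarise_queries` masks literal values in the captured `mysql.query` lines (they can hold user data) and counts identical statements. Both function names and all sample data are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the wiki page). All sample data below is constructed.

# Print the display filter for the interface whose `ip link show` output
# arrives on stdin, using the same awk expression as the page's command.
mac_filter() {
    awk '$1 ~ /link\/ether/ { print "eth.addr eq " $2 }'
}

# Read `-T fields -e mysql.query` output (one line per packet, empty when the
# packet carried no query), mask literals and count identical statements.
# Simplification: quoted strings containing escaped quotes are not handled.
summarise_queries() {
    sed -e '/^[[:space:]]*$/d' \
        -e "s/'[^']*'/?/g" \
        -e 's/\([^A-Za-z0-9_]\)[0-9][0-9]*/\1?/g' |
    LC_ALL=C sort | uniq -c | LC_ALL=C sort -rn |
    awk '{ n = $1; sub(/^[ \t]*[0-9]+[ \t]/, ""); print n "\t" $0 }'
}

# Constructed `ip link show eth0` output.
sample_link='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff'

# Constructed tshark field output, with empty lines for non-query packets.
sample_queries="SELECT name FROM users WHERE id = 42

SELECT name FROM users WHERE id = 7
UPDATE users SET email = 'a@example.com' WHERE id = 7

SELECT name FROM users WHERE id = 1001"

printf '%s\n' "$sample_link" | mac_filter
printf '%s\n' "$sample_queries" | summarise_queries
```

On a live system the tshark command above would be piped into `summarise_queries`; the summary appears once the capture ends.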