 MySQL网络抓包审计
MySQL网络抓包审计
  Tcpdump 抓包
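#!/bin/bash
# Monitor MySQL network traffic and echo the SQL statements seen on the wire.
#
# Usage: <this script> [interface] [port]
#   interface  capture interface (default: bond0)
#   port       MySQL server port to watch (default: 3366, the value this
#              script has always used; a stock MySQL server listens on 3306,
#              so pass the port your server actually uses)
#
# Notes:
#   - tcpdump needs root (or CAP_NET_RAW) to capture.
#   - The filter is "dst port", so only packets sent to that port (the
#     client queries) are inspected, not the server replies.
#   - Statements are recovered by running strings(1) over the raw packets,
#     so this only works for unencrypted connections; nothing readable is
#     recovered from TLS sessions.
#   - The output holds the full statement text, literals included (passwords,
#     personal data). Write it only to a location with restricted access.
iface=${1:-bond0}
port=${2:-3366}

# The port is spliced into the tcpdump filter expression; accept digits only.
if ! [[ "$port" =~ ^[0-9]+$ ]]; then
  printf 'invalid port: %s\n' "$port" >&2
  exit 2
fi

tcpdump -i "$iface" -s 0 -l -w - dst port "$port" | strings | perl -e '
$| = 1;   # flush each statement at once, also when stdout is a pipe or a file
while (<>) {
    chomp;
    # Skip single-token lines: mostly binary noise picked up by strings.
    next if /^[^ ]+[ ]*$/;
    if (/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)/i) {
        # A new statement starts: emit the previous one, then start buffering.
        print "$q\n" if defined $q;
        $q = $_;
    } else {
        # Continuation line: strip leading blanks and append to the statement.
        s/^[ \t]+//;
        $q .= " $_";
    }
}
# Emit the statement that is still buffered when the input ends.
print "$q\n" if defined $q;'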
vc-mysql-sniffer抓包
# Build prerequisites installed before compiling mysql-sniffer: the cmake
# build tool plus the libpcap, glib2 and libnet development packages.
# yum needs root privileges to install packages.
for pkg in cmake libpcap-devel glib2-devel libnet-devel; do
  yum install "$pkg"
done
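# Fetch Qihoo360 mysql-sniffer and build it out of tree in ./proj.
# The steps are chained with && so that a failed clone or cd stops the
# sequence instead of running mkdir/cmake/make in the wrong directory;
# mkdir -p tolerates an already existing proj directory.
# A packet sniffer is normally run as root, so build from a revision you have
# reviewed, e.g. run `git checkout <REVIEWED_TAG_OR_COMMIT>` right after the
# clone (placeholder: the page does not name a revision).
git clone https://github.com/Qihoo360/mysql-sniffer.git &&
  cd mysql-sniffer &&
  mkdir -p proj &&
  cd proj &&
  cmake ../ &&
  make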
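编译完成后,在 bin 目录下生成可执行文件 mysql-sniffer。注意:这是 Qihoo360 的 mysql-sniffer;下文演示的 vc-mysql-sniffer 是 VividCortex 提供的另一个工具,并不是由上述编译步骤生成的。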
$ sudo ./vc-mysql-sniffer  --help
vc-mysql-sniffer is a utility from VividCortex to monitor query activity and write results to a file.
See --license for the terms governing your usage of this program.
  -binding="[::]:3306"         This is a list of comma separated bind strings as seen in /proc/net/tcp
  -help="false"                Show this usage message
  -help-json="false"           Show this usage message as JSON
  -license="false"             Print the usage terms of this program
  -output=""                   Filepath to output queries to. Defaults to stdout if none specified.
  -show-database="false"       Include a 'USE `database`' for every statement. Supersedes show-database-changes.
  -show-database-changes="true"
                               Include a 'USE `database`' every time the database is changed.
  -verbose="false"             Enable logging on program startup to stderr
  -version="false"             Show version and exit
  Flag                         Current value
--------------------------------------------
  -binding                     "[::]:3306"
  -help                        "true"
  -help-json                   "false"
  -license                     "false"
  -output                      ""
  -show-database               "false"
  -show-database-changes       "true"
  -verbose                     "false"
  -version                     "false"
上次更新: 6/21/2025
