tcpdump抓包常用命令

抓取mysql执行的sql语句

tcpdump -i eth1 -s 0 -l -w - dst  port 3306 | strings

抓取mysql通讯的网络包(cap用wireshark打开)

tcpdump -n -nn -tttt -i eth0 -s 65535 'port 3306' -w 20160505mysql.cap

各种远程抓包方法

 -s 0 -w /tmp/sniff.pcap port  # On the remote side
mkfifo /tmp/fifo; ssh-keygen; ssh-copyid root@remotehostaddress; sudo ssh root@remotehost "tshark -i eth1 -f 'not tcp port 22' -w -" > /tmp/fifo &; sudo wireshark -k -i /tmp/fifo;
ssh user@server.com sudo tcpdump -i eth0  -w - 'port 80'| /Applications/Wireshark.app/Contents/Resources/bin/wireshark -k -i -
ssh root@HOST tcpdump -iany -U -s0 -w - 'not port 22' | wireshark -k -i -

参考资料
analyze traffic remotely over ssh w/ wireshark

打赏

发表评论

电子邮件地址不会被公开。 必填项已用*标注