Linux tshark抓包

使用tshark进行抓包

注:需要安装wireshar抓包工具

安装:yum -y install wireshark

# 可以抓的包
命令:tshark

 

# 抓取mysql查询

命令:tshark -n -i eth0 'mysql.query' -T fields -e 'ip.src' -e 'mysql.query'

 

# 抓取指定类型的mysql查询

tshark -n -i eth0 -R 'mysql matches "SELECT|INSERT|DELETE|UPDATE"' -T fields -e 'ip.src' -e 'mysql.query'

 

# 统计http的状态

tshark -n -q -z http,stat, -z http,tree
===================================================================
 HTTP/Packet Counter           value            rate         percent
-------------------------------------------------------------------
 Total HTTP Packets               0                               
  HTTP Request Packets             0                               
  HTTP Response Packets            0                               
   ???: broken                      0                               
   1xx: Informational               0                               
   2xx: Success                     0                               
   3xx: Redirection                 0                               
   4xx: Client Error                0                               
   5xx: Server Error                0                               
  Other HTTP Packets               0                               

===================================================================

===================================================================
HTTP Statistics
* HTTP Status Codes in reply packets
* List of HTTP Request methods
===================================================================
测试

 

posted @ 2018-01-17 19:57  kevin.Xiang  阅读(529)  评论(0编辑  收藏  举报