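Packet capture on Linux with tshark
Capturing packets with tshark
Note: the Wireshark packet capture tool must be installed
Install: yum -y install wireshark
# Capture packets. Command: tshark
# Capture MySQL queries
Command: tshark -n -i eth0 -Y 'mysql.query' -T fields -e 'ip.src' -e 'mysql.query'
# Capture only specific types of MySQL queries
tshark -n -i eth0 -Y 'mysql matches "SELECT|INSERT|DELETE|UPDATE"' -T fields -e 'ip.src' -e 'mysql.query'
Note: the display filter must be passed with an option. A bare filter argument on a live capture is treated as a capture filter, and mysql.query is not valid capture-filter syntax. -Y is the display-filter option in tshark 1.10 and later; older releases use -R instead.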
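The two-column output of the MySQL capture commands above (source IP, a tab, then the query text) can be summarised per client and statement type, which makes it easy to see which hosts issue write statements. This is an added example, not part of the original page; the function names summarize_queries and sample_capture and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "ip.src<TAB>mysql.query" lines as produced by
# tshark -T fields -e ip.src -e mysql.query (function names are hypothetical).

# Read "ip<TAB>query" lines on stdin and print "count ip VERB",
# highest count first. Statements other than the four verbs used in the
# capture filter above are grouped as OTHER; empty queries are skipped.
summarize_queries() {
    awk -F '\t' '
        NF >= 2 && $2 != "" {
            q = $2
            sub(/^[ \t(]+/, "", q)        # drop leading blanks and parentheses
            split(q, w, /[ \t]+/)         # first word is the statement verb
            verb = toupper(w[1])
            if (verb !~ /^(SELECT|INSERT|DELETE|UPDATE)$/) verb = "OTHER"
            n[$1 " " verb]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample input standing in for a real capture.
sample_capture() {
    printf '10.0.0.5\tSELECT * FROM users WHERE id = 1\n'
    printf '10.0.0.5\tselect name FROM products\n'
    printf '10.0.0.7\tUPDATE accounts SET balance = 0 WHERE id = 3\n'
    printf '10.0.0.7\tDELETE FROM sessions\n'
    printf '10.0.0.5\tSELECT 1\n'
    printf '10.0.0.9\tSHOW TABLES\n'
    printf '10.0.0.7\t\n'
}

sample_capture | summarize_queries

# Live use (assumes interface eth0 as on this page and tshark 1.10 or later;
# the capture stops after 60 seconds so the summary can be printed):
# tshark -l -n -i eth0 -a duration:60 -Y 'mysql.query' \
#     -T fields -e ip.src -e mysql.query | summarize_queries
```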
# Collect HTTP status statistics
tshark -n -q -z http,stat, -z http,tree
===================================================================
 HTTP/Packet Counter           value        rate         percent
-------------------------------------------------------------------
 Total HTTP Packets               0
  HTTP Request Packets            0
  HTTP Response Packets           0
   ???: broken                    0
   1xx: Informational             0
   2xx: Success                   0
   3xx: Redirection               0
   4xx: Client Error              0
   5xx: Server Error              0
  Other HTTP Packets              0
===================================================================
===================================================================
HTTP Statistics
* HTTP Status Codes in reply packets
* List of HTTP Request methods
===================================================================