Analyzing MySQL, Memcache and PostgreSQL Traffic with Tshark on Linux
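To analyze MySQL (3306) packets (current tshark releases take the display filter with -Y; the older release used in the session below accepted -R for this):

```
# /usr/sbin/tshark -d tcp.port==3306,mysql -T fields -Y mysql.query -e frame.time -e ip.src -e ip.dst -e mysql.query
```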
```
[root@sessiondb ~]$tshark -d tcp.port==3306,mysql -T fields -R mysql.query -e frame.time -e ip.src -e ip.dst -e mysql.query
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
May 22, 2015 14:24:13.515665000 10.10.140.30 10.10.141.70 select @@session.tx_read_only
May 22, 2015 14:24:13.516158000 10.10.140.30 10.10.141.70 update sessionsV2 set accessTime = 1432293853449, lastAccessTime = 1432293736476, lastUpdatedTime = 1432293853511, expiryTime = 1432295653449 where sessionId = '56edda9cfaaf44f8a57cfb0c85094200'
May 22, 2015 14:24:13.518402000 10.10.140.30 10.10.141.70 SET autocommit=1
May 22, 2015 14:24:13.518697000 10.10.140.30 10.10.141.70 set session transaction read write
May 22, 2015 14:24:13.536207000 10.10.140.29 10.10.141.70 select * from sessionsV2 where sessionId = 'f1e21f16ae7b4b958a8223cf9022b4c0'
May 22, 2015 14:24:13.537542000 10.10.140.29 10.10.141.70 SET autocommit=1
May 22, 2015 14:24:13.537781000 10.10.140.29 10.10.141.70 set session transaction read write
May 22, 2015 14:24:13.554846000 10.10.140.29 10.10.141.70 select @@session.tx_read_only
May 22, 2015 14:24:13.555251000 10.10.140.29 10.10.141.70 update sessionsV2 set accessTime = 1432293853537, lastAccessTime = 1432293757464, lastUpdatedTime = 1432293853553, expiryTime = 1432295653537 where sessionId = 'f1e21f16ae7b4b958a8223cf9022b4c0'
May 22, 2015 14:24:13.556247000 10.10.140.9 10.10.141.70 select * from sessionsV2 where sessionId = 'f8ff81b391e34c1098f6fd08df0ebabc'
May 22, 2015 14:24:13.557241000 10.10.140.9 10.10.141.70 SET autocommit=1
May 22, 2015 14:24:13.557481000 10.10.140.9 10.10.141.70 set session transaction read write
May 22, 2015 14:24:13.558348000 10.10.140.29 10.10.141.70 SET autocommit=1
May 22, 2015 14:24:13.558625000 10.10.140.29 10.10.141.70 set session transaction read write
May 22, 2015 14:24:13.559593000 10.10.140.29 10.10.141.70 select * from sessionsV2 where sessionId = '84dd557532d745cf83063a9d65c0d67d'
May 22, 2015 14:24:13.561145000 10.10.140.29 10.10.141.70 SET autocommit=1
May 22, 2015 14:24:13.561483000 10.10.140.29 10.10.141.70 set session transaction read write
May 22, 2015 14:24:13.561614000 10.10.140.9 10.10.141.70 select * from sessionsV2 where sessionId = 'be5167049cce4b2eaccd619fbe2fc6d0'
May 22, 2015 14:24:13.562634000 10.10.140.30 10.10.141.70 select * from sessionsV2 where sessionId = '47d6b5fca3ca413b87b1184b0339ced9'
May 22, 2015 14:24:13.562658000 10.10.140.9 10.10.141.70 SET autocommit=1
```
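One way to post-process that MySQL output, as an added example that is not part of the original post: the script collapses captured statements into per-client query fingerprints and masks literals such as session IDs, so the values do not end up in stored reports. It assumes tshark's default tab-separated -T fields output with the four fields used above; the function names and sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample in tshark's default tab-separated "-T fields" layout
# (frame.time, ip.src, ip.dst, mysql.query); addresses and IDs are made up.
SAMPLE = [
    "Capturing on eth0",
    "May 22, 2015 14:24:13.000001000\t192.0.2.10\t192.0.2.70\t"
    "select * from sessionsV2 where sessionId = 'aaaa1111'",
    "May 22, 2015 14:24:13.000002000\t192.0.2.10\t192.0.2.70\t"
    "select * from sessionsV2 where sessionId = 'bbbb2222'",
    "May 22, 2015 14:24:13.000003000\t192.0.2.11\t192.0.2.70\tSET autocommit=1",
    "May 22, 2015 14:24:13.000004000\t192.0.2.10\t192.0.2.70\t"
    "update sessionsV2 set accessTime = 1432293853449 where sessionId = 'aaaa1111'",
]

STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'")  # quoted values, escapes allowed
NUMBER_LITERAL = re.compile(r"\b\d+\b")            # standalone numbers, not "sessionsV2"


def fingerprint(query):
    """Mask literals and fold case/whitespace so equivalent statements compare equal."""
    masked = STRING_LITERAL.sub("?", query)
    masked = NUMBER_LITERAL.sub("?", masked)
    return " ".join(masked.lower().split())


def summarise(lines):
    """Count (client IP, fingerprint) pairs; lines without four fields are skipped."""
    counts = Counter()
    for line in lines:
        parts = line.rstrip("\r\n").split("\t", 3)
        if len(parts) != 4 or not parts[3].strip():
            continue  # banner text or a record with an empty query field
        _time, src, _dst, query = parts
        counts[(src, fingerprint(query))] += 1
    return counts


if __name__ == "__main__":
    # Pass "-" to read tshark output from stdin; otherwise use SAMPLE.
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE
    for (client, shape), seen in summarise(source).most_common():
        print(f"{seen:6d}  {client:15s}  {shape}")
```

With a live capture, bound it (for example with tshark's -a duration:60) and pipe the output to the script with the - argument; the report is printed once the capture ends.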
To analyze Memcache (11211) packets:

```
# /usr/sbin/tshark -d tcp.port==11211,memcache -T fields -Y memcache.command -e frame.time -e ip.src -e ip.dst -e memcache.key -e tcp.analysis.ack_rtt
```
```
[root@memcache ~]$tshark -d tcp.port==11211,memcache -T fields -R memcache.command -e frame.time -e ip.src -e ip.dst -e memcache.key -e tcp.analysis.ack_rtt
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
May 22, 2015 14:21:46.309078000 10.10.11.150 10.10.11.60 videosRelated:1035167-20
May 22, 2015 14:21:46.311851000 10.10.11.150 10.10.11.60 videosRelated:1035167-20
May 22, 2015 14:21:46.359910000 10.10.11.131 10.10.11.60 getWeeklyMostLikedVideosByCategoryId-2233785415175766016-true-0-4
May 22, 2015 14:21:46.406764000 10.10.11.131 10.10.11.60 getMostUsedTagsByCategory144188787844644864
May 22, 2015 14:21:46.408895000 10.10.11.131 10.10.11.60 getMostUsedTagsByCategory144188787844644864
May 22, 2015 14:21:46.409494000 10.10.11.131 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144188787844644864-false-0-12 0.000525000
May 22, 2015 14:21:46.414209000 10.10.11.131 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144188787844644864-false-0-12 0.004652000
May 22, 2015 14:21:46.416596000 10.10.11.131 10.10.11.60 getMostUsedTagsByCategory144188787844644864 0.002320000
May 22, 2015 14:21:46.464455000 10.10.11.161 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144188787843465216-false-0-1000
May 22, 2015 14:21:46.510011000 10.10.11.161 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144188787843465216-false-0-1000
May 22, 2015 14:21:46.534224000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosByCategoryId-144115188075855872-true-0-7
May 22, 2015 14:21:46.534705000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144468750186315776-false-0-1000
May 22, 2015 14:21:46.538686000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-144468750186315776-false-0-100 0.003943000
May 22, 2015 14:21:46.686373000 10.10.11.131 10.10.11.60 getMostUsedTagsByCategory2233997002444636160
May 22, 2015 14:21:46.725696000 10.10.11.131 10.10.11.60 getMostUsedTagsByCategory2233997002444636160
May 22, 2015 14:21:46.830658000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosByCategoryId-792633534417207296-true-0-7
May 22, 2015 14:21:46.841205000 10.10.11.151 10.10.11.60 videosRelated:11449-2
May 22, 2015 14:21:46.845536000 10.10.11.152 10.10.11.60 videosRelated:1060604-20
May 22, 2015 14:21:46.845899000 10.10.11.151 10.10.11.60 videosRelated:11449-2
May 22, 2015 14:21:46.848504000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-794463877680070656-false-0-100
May 22, 2015 14:21:46.851233000 10.10.11.152 10.10.11.60 videosRelated:1060604-20
May 22, 2015 14:21:46.852728000 10.10.11.132 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-794463877680070656-false-0-100 0.004186000
May 22, 2015 14:21:46.855717000 10.10.11.130 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-433616118632939520-false-0-1000
May 22, 2015 14:21:46.860161000 10.10.11.130 10.10.11.60 getAllTimeMostViewedVideosBySubjectId-433616118632939520-false-0-1000
May 22, 2015 14:21:46.863011000 10.10.11.130 10.10.11.60 getRelatedVideos:1051279 0.002803000
May 22, 2015 14:21:46.869374000 10.10.11.130 10.10.11.60 getRelatedVideos:1051279
May 22, 2015 14:21:46.902502000 10.10.11.131 10.10.11.60 getAllTimeMostViewedVideosByCategoryId-144115188075855872-true-0-7
May 22, 2015 14:21:46.915220000 10.10.11.150 10.10.11.60 videosRelated:13266-2
May 22, 2015 14:21:46.921715000 10.10.11.150 10.10.11.60 videosRelated:13266-2
```
To analyze PostgreSQL (3306) packets (PostgreSQL's default port is 5432, so set tcp.port to the port your server actually listens on):

```
# /usr/sbin/tshark -d tcp.port==3306,pgsql -T fields -Y pgsql.query -e frame.time -e ip.src -e ip.dst -e pgsql.query
```