Packet capture debugging with Wireshark

Filter conditions: capturing executed MySQL statements

# Filter by a specific time range and by keywords in the SQL
(frame.time >= "2024-04-12 10:33:24") && (frame.time <= "2024-04-12 10:33:51") and mysql and mysql.command == 3 and mysql.query contains "UPDATE" and mysql.query contains "15980618"
# Filter by a specific IP
mysql and mysql.command == 3 and ip.src_host == "192.168.91.100"

Capturing MySQL traffic with tcpdump

# Save the capture to a file, then import it manually into Wireshark for filtering and analysis
tcpdump -i any -s 0 -w mysql_traffic.pcap port 3306
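
What the filter `mysql.command == 3 and mysql.query contains "UPDATE" and mysql.query contains "15980618"` matches at the byte level, as an added Python example that is not part of the original page. It assumes an unencrypted connection and the classic COM_QUERY layout (command byte followed directly by the SQL text, no query attributes); the function names are hypothetical and the sample bytes are constructed, not captured.

```python
import struct

COM_QUERY = 0x03  # the command byte that `mysql.command == 3` selects


def mysql_packet(seq: int, payload: bytes) -> bytes:
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id, payload."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload


def iter_packets(stream: bytes):
    """Yield (sequence_id, payload) for each complete MySQL packet in a byte stream."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        seq = stream[pos + 3]
        end = pos + 4 + length
        if end > len(stream):  # truncated capture: stop instead of misparsing
            break
        yield seq, stream[pos + 4:end]
        pos = end


def com_queries(stream: bytes) -> list[str]:
    """Return the SQL text of every COM_QUERY packet in the stream."""
    out = []
    for _seq, payload in iter_packets(stream):
        if payload and payload[0] == COM_QUERY:
            out.append(payload[1:].decode("utf-8", errors="replace"))
    return out


def filter_queries(stream: bytes, *needles: str) -> list[str]:
    """Keep queries containing every needle (case-sensitive, like `contains`)."""
    return [q for q in com_queries(stream) if all(n in q for n in needles)]


# Constructed client-to-server stream (sample data, not captured traffic).
SAMPLE = b"".join([
    mysql_packet(0, b"\x0e"),  # COM_PING, ignored by the filter
    mysql_packet(0, b"\x03SELECT * FROM orders WHERE id = 15980618"),
    mysql_packet(0, b"\x03UPDATE orders SET status = 2 WHERE id = 15980618"),
    mysql_packet(0, b"\x03update orders SET status = 3 WHERE id = 7"),
    mysql_packet(0, b"\x02shop"),  # COM_INIT_DB, ignored by the filter
])

if __name__ == "__main__":
    for query in filter_queries(SAMPLE, "UPDATE", "15980618"):
        print(query)
```

The lowercase `update` statement is not returned, which mirrors the case-sensitive `contains` operator in the display filter.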