基于MySQL协议的抓包工具:MySQL Sniffer

MySQL Sniffer 是一个基于 MySQL 协议的抓包工具，实时抓取 MySQLServer 端的请求，并格式化输出。输出内容包访问括时间、访问用户、来源 IP、访问 Database、命令耗时、返回数据行数、执行语句等。有批量抓取多个端口，后台运行，日志分割等多种使用方式，操作便捷，输出友好。同时也适用抓取 Atlas 端的请求，Atlas 是奇虎开源的一款基于MySQL协议的数据中间层项目，项目地址：https://github.com/Qihoo360/Atlas，同类型工具还有vc-mysql-sniffer，以及 tshark 的 -e mysql.query 参数来解析 MySQL 协议。

安装步骤

1、yum install cmake libpcap-devel glib2-devel libnet-devel 2、下载
mysql-sniffer-master.zip
地址：Git clone https://github.com/Qihoo360/mysql-sniffer.git

[root@iZwz92rdgnfi06a44tn3m9Z data]# unzip mysql-sniffer-master.zip 
cd mysql-sniffermkdir projcd projcmake ../makecd bin/

[root@iZwz92rdgnfi06a44tn3m9Z bin]# ./mysql-sniffer -h
Usage ./mysql-sniffer [-d] -i eth0 -p 3306,3307,3308 -l /var/log/mysql-sniffer/ -e stderr
         [-d] -i eth0 -r 3000-4000
         -d daemon mode.
         -s how often to split the log file(minute, eg. 1440). if less than 0, split log everyday
         -i interface. Default to eth0
         -p port, default to 3306. Multiple ports should be splited by ','. eg. 3306,3307
            this option has no effect when -f is set.
         -r port range, Don't use -r and -p at the same time
         -l query log DIRECTORY. Make sure that the directory is accessible. Default to stdout.
         -e error log FILENAME or 'stderr'. if set to /dev/null, runtime error will not be recorded
         -f filename. use pcap file instead capturing the network interface
         -w white list. dont capture the port. Multiple ports should be splited by ','.
         -t truncation length. truncate long query if it's longer than specified length. Less than 0 means no truncation
         -n keeping tcp stream count, if not set, default is 65536. if active tcp count is larger than the specified count, mysql-sniffer will remove the oldest one
[root@iZwz92rdgnfi06a44tn3m9Z bin]# pwd