qihoo360 / mysql-sniffer
mysql-sniffer is a network traffic analyzer tool for MySQL, developed by the Qihoo DBA and infrastructure team.

License: MIT License

CMake 0.64% C 68.37% Makefile 3.22% Shell 13.72% Vim Script 0.59% Roff 5.47% C++ 7.99%

mysql-sniffer's People

Contributors

baotiao, davidliuxh, diyidihalazi, lizheming, nathan6, yihaodeng


mysql-sniffer's Issues

Cannot capture data with a LAMP stack

When I connect to mysql remotely with Navicat, data can be captured,
but when the local LAMP site is accessed, nothing is captured at all.
It seems that LAMP access does not go through eth0 or lo?
What I need to capture is PHP reading from mysql, but I cannot capture it.

Also, local operations via mysql -u root -p do not capture any packets either.
I suspect it is the same problem.

CentOS release 6.7 (Final) configure make error

[mysql-sniffer/proj]$make
Scanning dependencies of target mysql-sniffer
[ 16%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
[ 33%] Building C object bin/CMakeFiles/mysql-sniffer.dir/mysql-dissector.c.o
/mysql-sniffer/src/mysql-dissector.c: In function ‘decode_mysql_lenenc_int’:
/mysql-sniffer/src/mysql-dissector.c:112:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
return (int)value;
^
[ 50%] Building C object bin/CMakeFiles/mysql-sniffer.dir/util.c.o
[ 66%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/session.cpp.o
[ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
/mysql-sniffer/src/sniff-config.cpp: In function ‘int parse_cmdline_option(int, char**)’:
/mysql-sniffer/src/sniff-config.cpp:183:9: warning: variable ‘opt_len’ set but not used [-Wunused-but-set-variable]
int opt_len;
^
[100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
Linking CXX executable mysql-sniffer
[100%] Built target mysql-sniffer

make error

[ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
/root/mysql-sniffer/src/sniff-config.cpp: 在函数‘int parse_cmdline_option(int, char**)’中:
/root/mysql-sniffer/src/sniff-config.cpp:183:9: 警告:variable ‘opt_len’ set but not used [-Wunused-but-set-variable]
int opt_len;
^
[100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
Linking CXX executable mysql-sniffer
/usr/bin/ld: /root/mysql-sniffer/lib/libgthread-2.0.a(gthread-impl.o): undefined reference to symbol 'pthread_setspecific@@GLIBC_2.2.5'
//usr/lib64/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: 错误:ld 返回 1
make[2]: *** [bin/mysql-sniffer] 错误 1
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] 错误 2
make: *** [all] 错误 2
##########################################################################
System environment: CentOS7
glib2-devel-2.54.2-2.el7.x86_64 libpcap-devel-1.5.3-11.el7.x86_64 libnet-devel-1.1.6-7.el7.x86_64

Could static compilation be added?

Machines in the operations environment are missing all kinds of .so dependency libraries. If the tool could be fully statically compiled to produce a binary package that runs in any environment, it would be very convenient, with no need to fiddle with dependency packages and versions.

"cmake ../" fails

When running "cmake ../", the following error is reported:
cp: cannot create regular file ‘../../lib/libnidstcpreasm.a’: No such file or directory

Run aborts suddenly

Dec 27 15:44:47 localhost kernel: mysql-sniffer[22798]: segfault at 189149d ip 0000000000414878 sp 00007fffb7cf49c0 error 4 in mysql-sniffer[400000+9a000]
Dec 27 15:44:47 localhost abrt-hook-ccpp: Process 22798 (mysql-sniffer) of user 0 killed by SIGSEGV - dumping core
Dec 27 15:44:47 localhost kernel: device em2 left promiscuous mode
Dec 27 15:44:47 localhost abrt-server: Executable '/opt/mysql-sniffer-master/proj/bin/mysql-sniffer' doesn't belong to any package and ProcessUnpackaged is set to 'no'

Environment: CentOS Linux release 7.3.1611 (Core), MySQL 5.7

It aborts at the slightest provocation; how can this be used? Please take a look when you have time at what the cause might be, or the WeChat group is fine too.

Handshake stage

I need to trace the handshake authentication stage. Basically, I need to filter only how the client authenticates itself in order to know if it is using the older or the new protocol (4.1 and above).
By adding a dedicated switch, the sniffer should only display the different info exchanged between the client and the server and the threadID created.

Suggest changing the address after git clone in the wiki to https://github.com/Qihoo360/mysql-sniffer

Using the git@github form fails:
root@xxxx:/tmp>git clone git@github.com:Qihoo360/mysql-sniffer.git
Initialized empty Git repository in /tmp/mysql-sniffer/.git/
The authenticity of host 'github.com (192.30.255.112)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.255.112' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

Switching to https://github.com/Qihoo360/mysql-sniffer works fine:
root@xxxx:/tmp>git clone https://github.com/Qihoo360/mysql-sniffer
Initialized empty Git repository in /tmp/mysql-sniffer/.git/
remote: Counting objects: 236, done.
remote: Total 236 (delta 0), reused 0 (delta 0), pack-reused 236
Receiving objects: 100% (236/236), 262.06 KiB | 227 KiB/s, done.
Resolving deltas: 100% (100/100), done.

Capture exits directly (no error reported)

While capturing packets, the process suddenly stopped. The error log contains no relevant information; it only has the following:

FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 4395534"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from QueryResult state..."
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 6057035"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from QueryResult state..."
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 4319785"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from

Errors in /var/log/message

May  3 11:33:03 oALEUkH0QJ kernel: mysql-sniffer[13127]: segfault at 7f82d253c000 ip 000000325e08995f sp 00007fff715ffc78 error 4 in libc-2.12.so[325e000000+18a000]
May  3 11:33:03 oALEUkH0QJ kernel: device eth1 left promiscuous mode
May  3 11:35:53 oALEUkH0QJ kernel: device eth1 entered promiscuous mode
May  3 11:58:05 oALEUkH0QJ kernel: mysql-sniffer[13295]: segfault at 485a000 ip 0000000000405600 sp 00007fff6afaa158 error 4 in mysql-sniffer[400000+12000]

Compilation error

When creating the proj directory and compiling, the error 「cp: cannot create regular file `../../lib/libnidstcpreasm.a': No such file or directory」 appears. I tried many methods, but in the end the following error still appears:
Linking CXX executable mysql-sniffer
/usr/bin/ld: cannot find -lnidstcpreasm

cmake compilation error

-- Check for working C compiler: /usr/local/bin/cc
-- Check for working C compiler: /usr/local/bin/cc -- broken
CMake Error at /usr/share/cmake/Modules/CMakeTestCCompiler.cmake:61 (message):
  The C compiler "/usr/local/bin/cc" is not able to compile a simple test
  program.

  It fails with the following output:

   Change Dir: /root/mysql-sniffer/proj/CMakeFiles/CMakeTmp



  Run Build Command:/usr/bin/gmake "cmTryCompileExec3142220837/fast"

  /usr/bin/gmake -f CMakeFiles/cmTryCompileExec3142220837.dir/build.make
  CMakeFiles/cmTryCompileExec3142220837.dir/build

  gmake[1]: Entering directory `/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp'

  /usr/bin/cmake -E cmake_progress_report
  /root/mysql-sniffer/proj/CMakeFiles/CMakeTmp/CMakeFiles 1

  Building C object
  CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o

  /usr/local/bin/cc -o
  CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o -c
  /root/mysql-sniffer/proj/CMakeFiles/CMakeTmp/testCCompiler.c

  Linking C executable cmTryCompileExec3142220837

  /usr/bin/cmake -E cmake_link_script
  CMakeFiles/cmTryCompileExec3142220837.dir/link.txt --verbose=1

  /usr/local/bin/cc
  CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o -o
  cmTryCompileExec3142220837 -rdynamic

  collect2: error: ld terminated with signal 11 [段错误]

  gmake[1]: Leaving directory `/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp'

  gmake[1]: *** [cmTryCompileExec3142220837] 错误 1

  gmake: *** [cmTryCompileExec3142220837/fast] 错误 2


CentOS7.9+MySQL5.7.30 cannot capture data

On CentOS7.9+MySQL5.7.30 no data is captured; it just hangs, while tcpdump can capture it.
After switching MySQL to 5.6, data can be captured. This shows 5.7 is no longer supported.

Build fails on mac

[ 14%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
/tmp/mysql-sniffer/src/main.c:67:64: warning: declaration of 'struct iphdr' will not be visible outside of this function
[-Wvisibility]
void tcp_resume_is_client(struct tcphdr* packet_tcphdr, struct iphdr* packet_iphdr, int* is_client){
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:40: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/usr/include/libkern/_OSByteOrder.h:44:34: note: expanded from macro '__DARWIN_OSSwapConstInt16'
((__uint16_t)((((__uint16_t)(x) & 0xff00) >> 8) |
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/usr/include/libkern/_OSByteOrder.h:45:32: note: expanded from macro '__DARWIN_OSSwapConstInt16'
(((__uint16_t)(x) & 0x00ff) << 8)))
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:89: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/tmp/mysql-sniffer/src/main.c:87:28: error: incomplete definition of type 'struct iphdr'
if(packet_iphdr->daddr == this_ipaddr.s_addr && config_is_server_port(port)){
~~~~~~~~~~~~^
/tmp/mysql-sniffer/src/main.c:67:64: note: forward declaration of 'struct iphdr'
void tcp_resume_is_client(struct tcphdr* packet_tcphdr, struct iphdr* packet_iphdr, int* is_client){
^
/tmp/mysql-sniffer/src/main.c:147:9: warning: 'daemon' is deprecated: first deprecated in macOS 10.5 - Use posix_spawn APIs
instead. [-Wdeprecated-declarations]
daemon(1, 0);
^
/usr/include/stdlib.h:285:6: note: 'daemon' has been explicitly marked deprecated here
int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_2_0, ...
^
2 warnings and 5 errors generated.
make[2]: *** [bin/CMakeFiles/mysql-sniffer.dir/main.c.o] Error 1
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] Error 2
make: *** [all] Error 2

Log file has no records

The log file does not record in real time; records only appear in the log file after the command is terminated manually. Otherwise the log file does not contain a single line. Is this a bug? Or is it just me...

libpthread.so.0: error adding symbols: DSO missing from command line

/usr/bin/ld: /root/mysql-sniffer/lib/libgthread-2.0.a(gthread-impl.o): undefined reference to symbol 'pthread_setspecific@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
bin/CMakeFiles/mysql-sniffer.dir/build.make:224: recipe for target 'bin/mysql-sniffer' failed
make[2]: *** [bin/mysql-sniffer] Error 1
CMakeFiles/Makefile2:85: recipe for target 'bin/CMakeFiles/mysql-sniffer.dir/all' failed
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] Error 2
Makefile:83: recipe for target 'all' failed
make: *** [all] Error 2

Installation should also require the dependency gcc-c++

A g++ compiler is needed, otherwise an error is reported:

Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags:

The output was:
No such file or directory

make error

make error:
[100%] Linking CXX executable mysql-sniffer
/usr/bin/ld: cannot find -lnidstcpreasm

Log rotation only empties the existing log

When specifying a log rotation time, I found that the rotation method simply empties the existing log. It is not, as I imagined, renaming the log and then generating a new log file.

mysql-sniffer -i eth0 -p 3306 cannot capture any data

mysql-sniffer -i eth0 -p 3306 -e stderr shows the following:
FILE: /root/mysql-sniffer/src/session.cpp LINE: 109 in add_mysql_resume_session:"adding resume session: -1542805312:46464 -> -284514112:3306"
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 484 in handle_resume_state:"handle resume state: current state: SESSION_STATE_RESUME_START msg_type: client "
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 538 in mysql_dissector:"handle canceled due to resume state"
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 484 in handle_resume_state:"handle resume state: current state: SESSION_STATE_RESUME_WAIT_SERVER msg_type: server "
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 538 in mysql_dissector:"handle canceled due to resume state"

cmake compilation error

killtcp.c:59:20: error: libnet.h: No such file or directory
killtcp.c:60: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘tcp_tag’
killtcp.c:62: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘*’ token
killtcp.c: In function ‘raw_init’:
killtcp.c:66: error: ‘l’ undeclared (first use in this function)
killtcp.c:66: error: (Each undeclared identifier is reported only once
killtcp.c:66: error: for each function it appears in.)
killtcp.c:66: error: ‘LIBNET_RAW4’ undeclared (first use in this function)
killtcp.c: In function ‘nids_killtcp_seq’:
killtcp.c:79: error: ‘l’ undeclared (first use in this function)
killtcp.c:81: error: ‘tcp_tag’ undeclared (first use in this function)
killtcp.c:85: error: ‘LIBNET_TCP_H’ undeclared (first use in this function)
killtcp.c:86: error: ‘ip_tag’ undeclared (first use in this function)
killtcp.c:87: error: ‘LIBNET_IPV4_H’ undeclared (first use in this function)
make: *** [killtcp.o] Error 1
