qihoo360 / mysql-sniffer
mysql-sniffer is a network traffic analyzer tool for MySQL; it is developed by the Qihoo DBA and infrastructure team
License: MIT License
When I connect to MySQL remotely with Navicat, the data is captured.
But when the local LAMP site is accessed, nothing is captured at all.
It seems that LAMP access doesn't go through eth0 or lo?
What I need to capture is PHP reading from MySQL, but I can't capture it.
Also, running mysql -u root -p locally isn't captured either.
I suspect it is the same problem.
[mysql-sniffer/proj]$make
Scanning dependencies of target mysql-sniffer
[ 16%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
[ 33%] Building C object bin/CMakeFiles/mysql-sniffer.dir/mysql-dissector.c.o
/mysql-sniffer/src/mysql-dissector.c: In function ‘decode_mysql_lenenc_int’:
/mysql-sniffer/src/mysql-dissector.c:112:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
return (int)value;
^
[ 50%] Building C object bin/CMakeFiles/mysql-sniffer.dir/util.c.o
[ 66%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/session.cpp.o
[ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
/mysql-sniffer/src/sniff-config.cpp: In function ‘int parse_cmdline_option(int, char**)’:
/mysql-sniffer/src/sniff-config.cpp:183:9: warning: variable ‘opt_len’ set but not used [-Wunused-but-set-variable]
int opt_len;
^
[100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
Linking CXX executable mysql-sniffer
[100%] Built target mysql-sniffer
The hardest part, parsing prepared (precompiled) statements, hasn't been done~~
mysql-sniffer -i lo -p 3306
Captures no data at all
[ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
/root/mysql-sniffer/src/sniff-config.cpp: 在函数‘int parse_cmdline_option(int, char**)’中:
/root/mysql-sniffer/src/sniff-config.cpp:183:9: 警告:variable ‘opt_len’ set but not used [-Wunused-but-set-variable]
int opt_len;
^
[100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
Linking CXX executable mysql-sniffer
/usr/bin/ld: /root/mysql-sniffer/lib/libgthread-2.0.a(gthread-impl.o): undefined reference to symbol 'pthread_setspecific@@GLIBC_2.2.5'
//usr/lib64/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: 错误:ld 返回 1
make[2]: *** [bin/mysql-sniffer] 错误 1
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] 错误 2
make: *** [all] 错误 2
##########################################################################
System environment: CentOS7
glib2-devel-2.54.2-2.el7.x86_64 libpcap-devel-1.5.3-11.el7.x86_64 libnet-devel-1.1.6-7.el7.x86_64
Machines in the ops environment are missing all sorts of .so dependency libraries. If it could be built fully statically, producing a single binary that runs in any environment, that would be very convenient, with no need to fiddle with the various dependency packages and versions.
When running “cmake ../”, the following error is reported:
cp: cannot create regular file ‘../../lib/libnidstcpreasm.a’: No such file or directory
Dec 27 15:44:47 localhost kernel: mysql-sniffer[22798]: segfault at 189149d ip 0000000000414878 sp 00007fffb7cf49c0 error 4 in mysql-sniffer[400000+9a000]
Dec 27 15:44:47 localhost abrt-hook-ccpp: Process 22798 (mysql-sniffer) of user 0 killed by SIGSEGV - dumping core
Dec 27 15:44:47 localhost kernel: device em2 left promiscuous mode
Dec 27 15:44:47 localhost abrt-server: Executable '/opt/mysql-sniffer-master/proj/bin/mysql-sniffer' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Environment: CentOS Linux release 7.3.1611 (Core), MySQL 5.7
It keeps getting interrupted; how can this be used? Please find some time to take a look at what the cause is, or a WeChat group would also work.
I need to trace the handshake authentication stage. Basically, I need to filter only how the client authenticates itself in order to know if it is using the older or the new protocol (4.1 and above).
By adding a dedicated switch, the sniffer should only display the different info exchanged between the client and the server and the thread ID created.
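The check this feature request asks for can be done on the first packet the client sends after the server greeting: both the old HandshakeResponse320 and the HandshakeResponse41 layouts start with the capability flags, and the CLIENT_PROTOCOL_41 bit decides which layout follows. The following is an added example written for this page, not code from mysql-sniffer; the flag values come from the MySQL client/server protocol documentation, and the two sample packets are constructed by hand rather than captured from a real client. From a defender's view, a pre-4.1 response is worth flagging because that client is still using the legacy authentication scheme.

```python
"""Classify a captured MySQL client HandshakeResponse as protocol 4.1 or pre-4.1.

Added example (not part of mysql-sniffer); the sample packets below are
constructed by hand, not captured from a real client.
"""
import struct

# Capability flag bits from the MySQL client/server protocol.
CLIENT_LONG_PASSWORD = 0x00000001
CLIENT_CONNECT_WITH_DB = 0x00000008
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000
CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA = 0x00200000


def read_packet(buf, offset=0):
    """Split off one MySQL packet: 3-byte LE payload length, 1-byte sequence id, payload."""
    if len(buf) - offset < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(buf[offset:offset + 3], "little")
    seq = buf[offset + 3]
    payload = buf[offset + 4:offset + 4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return seq, payload, offset + 4 + length


def decode_lenenc_int(buf, pos):
    """Decode a length-encoded integer; returns (value, new_pos)."""
    first = buf[pos]
    if first < 0xFB:
        return first, pos + 1
    width = {0xFC: 2, 0xFD: 3, 0xFE: 8}.get(first)
    if width is None:
        raise ValueError("invalid lenenc prefix 0x%02x" % first)
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width


def read_cstring(buf, pos):
    """Read a NUL-terminated string; returns (bytes, new_pos)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end], end + 1


def parse_handshake_response(payload):
    """Describe a client's handshake response. The low 16 bits of the capability
    flags sit at offset 0 in both layouts, so CLIENT_PROTOCOL_41 can be tested
    before committing to the 320 or the 41 layout."""
    caps16 = int.from_bytes(payload[0:2], "little")
    info = {"protocol": "4.1" if caps16 & CLIENT_PROTOCOL_41 else "pre-4.1"}
    db = plugin = None
    if caps16 & CLIENT_PROTOCOL_41:
        caps = int.from_bytes(payload[0:4], "little")
        info["capabilities"] = caps
        # An SSLRequest is only the fixed 32-byte header; TLS follows it.
        info["ssl_request"] = bool(caps & CLIENT_SSL) and len(payload) == 32
        if info["ssl_request"]:
            return info
        pos = 32  # caps(4) + max packet(4) + charset(1) + reserved(23)
        user, pos = read_cstring(payload, pos)
        if caps & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA:
            auth_len, pos = decode_lenenc_int(payload, pos)
            pos += auth_len
        elif caps & CLIENT_SECURE_CONNECTION:
            auth_len, pos = payload[pos], pos + 1
            pos += auth_len
        else:
            auth, pos = read_cstring(payload, pos)
            auth_len = len(auth)
        if caps & CLIENT_CONNECT_WITH_DB:
            db, pos = read_cstring(payload, pos)
        if caps & CLIENT_PLUGIN_AUTH:
            plugin, pos = read_cstring(payload, pos)
    else:
        caps = caps16
        info["capabilities"] = caps
        info["ssl_request"] = bool(caps & CLIENT_SSL) and len(payload) == 5
        if info["ssl_request"]:
            return info
        pos = 5  # caps(2) + max packet(3)
        user, pos = read_cstring(payload, pos)
        if caps & CLIENT_CONNECT_WITH_DB:
            auth, pos = read_cstring(payload, pos)
            db, pos = read_cstring(payload, pos)
        else:
            auth = payload[pos:]
        auth_len = len(auth)
    info.update(user=user.decode(), database=None if db is None else db.decode(),
                auth_plugin=None if plugin is None else plugin.decode(),
                auth_response_len=auth_len)
    return info


def inspect_client_handshake(packet):
    """Parse the framed packet a client sends in reply to the server greeting."""
    seq, payload, _ = read_packet(packet)
    info = parse_handshake_response(payload)
    info["seq"] = seq  # the client's reply normally carries sequence id 1
    return info


def _frame(seq, payload):
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample: a 4.1 client authenticating with mysql_native_password.
_CAPS41 = (CLIENT_LONG_PASSWORD | CLIENT_CONNECT_WITH_DB | CLIENT_PROTOCOL_41
           | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH)
SAMPLE_41 = _frame(1, struct.pack("<IIB", _CAPS41, 1 << 24, 33) + b"\x00" * 23
                   + b"app\x00" + bytes([20]) + b"\x11" * 20
                   + b"shop\x00" + b"mysql_native_password\x00")

# Constructed sample: a pre-4.1 client sending the old 8-byte scramble reply.
SAMPLE_320 = _frame(1, struct.pack("<H", CLIENT_LONG_PASSWORD | CLIENT_CONNECT_WITH_DB)
                    + (1 << 20).to_bytes(3, "little")
                    + b"legacy\x00" + b"ABCDEFGH\x00" + b"shop\x00")

if __name__ == "__main__":
    for pkt in (SAMPLE_41, SAMPLE_320):
        print(inspect_client_handshake(pkt))
```

In a sniffer the payload handed to parse_handshake_response would be the client-to-server packet with sequence id 1 on a new session; the returned dict gives the protocol generation, the user, the database, the auth plugin name (4.1 only) and the length of the auth response, which is all the feature request asks to display.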
Cloning with the git@github form fails:
root@xxxx:/tmp>git clone git@github.com:Qihoo360/mysql-sniffer.git
Initialized empty Git repository in /tmp/mysql-sniffer/.git/
The authenticity of host 'github.com (192.30.255.112)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.255.112' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
But switching to https://github.com/Qihoo360/mysql-sniffer works fine
root@xxxx:/tmp>git clone https://github.com/Qihoo360/mysql-sniffer
Initialized empty Git repository in /tmp/mysql-sniffer/.git/
remote: Counting objects: 236, done.
remote: Total 236 (delta 0), reused 0 (delta 0), pack-reused 236
Receiving objects: 100% (236/236), 262.06 KiB | 227 KiB/s, done.
Resolving deltas: 100% (100/100), done.
While capturing packets the process suddenly stopped. The error log written by the tool has no relevant information; it only contains lines like the following
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 4395534"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from QueryResult state..."
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 6057035"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from QueryResult state..."
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 339 in mysql_dissect_query_result:"Server: Query Result New data: 4319785"
FILE: /opt/mysql-sniffer-master/src/mysql-dissector.c LINE: 364 in mysql_dissect_query_result:"Entering Server Result Phase2 from
The error in /var/log/message
May 3 11:33:03 oALEUkH0QJ kernel: mysql-sniffer[13127]: segfault at 7f82d253c000 ip 000000325e08995f sp 00007fff715ffc78 error 4 in libc-2.12.so[325e000000+18a000]
May 3 11:33:03 oALEUkH0QJ kernel: device eth1 left promiscuous mode
May 3 11:35:53 oALEUkH0QJ kernel: device eth1 entered promiscuous mode
May 3 11:58:05 oALEUkH0QJ kernel: mysql-sniffer[13295]: segfault at 485a000 ip 0000000000405600 sp 00007fff6afaa158 error 4 in mysql-sniffer[400000+12000]
Segmentation fault (core dumped)
When creating the proj directory and compiling, the error 「cp: cannot create regular file `../../lib/libnidstcpreasm.a': No such file or directory」 appears. I tried many methods, but in the end the following error still appears
Linking CXX executable mysql-sniffer
/usr/bin/ld: cannot find -lnidstcpreasm
-- Check for working C compiler: /usr/local/bin/cc
-- Check for working C compiler: /usr/local/bin/cc -- broken
CMake Error at /usr/share/cmake/Modules/CMakeTestCCompiler.cmake:61 (message):
The C compiler "/usr/local/bin/cc" is not able to compile a simple test
program.
It fails with the following output:
Change Dir: /root/mysql-sniffer/proj/CMakeFiles/CMakeTmp
Run Build Command:/usr/bin/gmake "cmTryCompileExec3142220837/fast"
/usr/bin/gmake -f CMakeFiles/cmTryCompileExec3142220837.dir/build.make
CMakeFiles/cmTryCompileExec3142220837.dir/build
gmake[1]: Entering directory `/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp'
/usr/bin/cmake -E cmake_progress_report
/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp/CMakeFiles 1
Building C object
CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o
/usr/local/bin/cc -o
CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o -c
/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp/testCCompiler.c
Linking C executable cmTryCompileExec3142220837
/usr/bin/cmake -E cmake_link_script
CMakeFiles/cmTryCompileExec3142220837.dir/link.txt --verbose=1
/usr/local/bin/cc
CMakeFiles/cmTryCompileExec3142220837.dir/testCCompiler.c.o -o
cmTryCompileExec3142220837 -rdynamic
collect2: error: ld terminated with signal 11 [段错误]
gmake[1]: Leaving directory `/root/mysql-sniffer/proj/CMakeFiles/CMakeTmp'
gmake[1]: *** [cmTryCompileExec3142220837] 错误 1
gmake: *** [cmTryCompileExec3142220837/fast] 错误 2
I use proxysql as a proxy, started on port 6033
./mysql-sniffer -i eth0 -p 6033
No data?
CentOS7.9 + MySQL5.7.30: no data is captured, it just hangs; tcpdump can capture it.
Switching MySQL to 5.6, data is captured. So 5.7 is not supported.
[ 14%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
/tmp/mysql-sniffer/src/main.c:67:64: warning: declaration of 'struct iphdr' will not be visible outside of this function
[-Wvisibility]
void tcp_resume_is_client(struct tcphdr* packet_tcphdr, struct iphdr* packet_iphdr, int* is_client){
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:40: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/usr/include/libkern/_OSByteOrder.h:44:34: note: expanded from macro '__DARWIN_OSSwapConstInt16'
((__uint16_t)((((__uint16_t)(x) & 0xff00) >> 8) |
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/usr/include/libkern/_OSByteOrder.h:45:32: note: expanded from macro '__DARWIN_OSSwapConstInt16'
(((__uint16_t)(x) & 0x00ff) << 8)))
^
/tmp/mysql-sniffer/src/main.c:80:37: error: no member named 'dest' in 'struct tcphdr'
int port = ntohs(packet_tcphdr->dest);
~~~~~~~~~~~~~ ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x) __DARWIN_OSSwapInt16(x)
^
/usr/include/libkern/_OSByteOrder.h:72:89: note: expanded from macro '__DARWIN_OSSwapInt16'
((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
^
/tmp/mysql-sniffer/src/main.c:87:28: error: incomplete definition of type 'struct iphdr'
if(packet_iphdr->daddr == this_ipaddr.s_addr && config_is_server_port(port)){
~~~~~~~~~~~~^
/tmp/mysql-sniffer/src/main.c:67:64: note: forward declaration of 'struct iphdr'
void tcp_resume_is_client(struct tcphdr* packet_tcphdr, struct iphdr* packet_iphdr, int* is_client){
^
/tmp/mysql-sniffer/src/main.c:147:9: warning: 'daemon' is deprecated: first deprecated in macOS 10.5 - Use posix_spawn APIs
instead. [-Wdeprecated-declarations]
daemon(1, 0);
^
/usr/include/stdlib.h:285:6: note: 'daemon' has been explicitly marked deprecated here
int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_2_0, ...
^
2 warnings and 5 errors generated.
make[2]: *** [bin/CMakeFiles/mysql-sniffer.dir/main.c.o] Error 1
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] Error 2
make: *** [all] Error 2
The log file isn't written in real time; only after manually terminating the command do records appear in the log file. Otherwise the log file has not a single line. Is this a bug? Or is it just me...
While capturing packets it suddenly crashed with a 「Segmentation fault 」 error.
/usr/bin/ld: /root/mysql-sniffer/lib/libgthread-2.0.a(gthread-impl.o): undefined reference to symbol 'pthread_setspecific@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
bin/CMakeFiles/mysql-sniffer.dir/build.make:224: recipe for target 'bin/mysql-sniffer' failed
make[2]: *** [bin/mysql-sniffer] Error 1
CMakeFiles/Makefile2:85: recipe for target 'bin/CMakeFiles/mysql-sniffer.dir/all' failed
make[1]: *** [bin/CMakeFiles/mysql-sniffer.dir/all] Error 2
Makefile:83: recipe for target 'all' failed
make: *** [all] Error 2
mysql-sniffer -f xxxxxx.pcap: the results in the elapsed-time column are all 0ms
MySQL has SSL communication enabled. How do I import the certificate?
Downloaded mysql-sniffer-master
Compiling and installing went fine
Connected a client to test, but nothing is captured?
A g++ compiler is required, otherwise it reports the error
Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags:
The output was:
No such file or directory
make reports an error
[100%] Linking CXX executable mysql-sniffer
/usr/bin/ld: cannot find -lnidstcpreasm
When specifying the log rotation time, I found that the rotation just empties the existing log. It isn't, as I imagined, renaming the log and then generating a new one.
Has it been optimized for high-traffic scenarios?
mysql-sniffer -i eth0 -p 3306 -e stderr shows the following
FILE: /root/mysql-sniffer/src/session.cpp LINE: 109 in add_mysql_resume_session:"adding resume session: -1542805312:46464 -> -284514112:3306"
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 484 in handle_resume_state:"handle resume state: current state: SESSION_STATE_RESUME_START msg_type: client "
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 538 in mysql_dissector:"handle canceled due to resume state"
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 484 in handle_resume_state:"handle resume state: current state: SESSION_STATE_RESUME_WAIT_SERVER msg_type: server "
FILE: /root/mysql-sniffer/src/mysql-dissector.c LINE: 538 in mysql_dissector:"handle canceled due to resume state"
killtcp.c:59:20: error: libnet.h: No such file or directory
killtcp.c:60: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘tcp_tag’
killtcp.c:62: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘*’ token
killtcp.c: In function ‘raw_init’:
killtcp.c:66: error: ‘l’ undeclared (first use in this function)
killtcp.c:66: error: (Each undeclared identifier is reported only once
killtcp.c:66: error: for each function it appears in.)
killtcp.c:66: error: ‘LIBNET_RAW4’ undeclared (first use in this function)
killtcp.c: In function ‘nids_killtcp_seq’:
killtcp.c:79: error: ‘l’ undeclared (first use in this function)
killtcp.c:81: error: ‘tcp_tag’ undeclared (first use in this function)
killtcp.c:85: error: ‘LIBNET_TCP_H’ undeclared (first use in this function)
killtcp.c:86: error: ‘ip_tag’ undeclared (first use in this function)
killtcp.c:87: error: ‘LIBNET_IPV4_H’ undeclared (first use in this function)
make: *** [killtcp.o] Error 1