依赖包（以下命令适用于使用 yum 的发行版；脚本按 Python 2 编写）
yum -y install gcc libpcap-devel python-pip python-devel
pip install pypcap
pip install dpkt
get_mysql_statement.py
# -*- coding=utf-8 -*-
#-*- encoding:utf-8 -*-
import sys
import pcap
import dpkt
# Python 2 workaround: make UTF-8 the interpreter-wide default string encoding.
# sys.setdefaultencoding() is not reachable on a normally started interpreter,
# so the module is reloaded first to get the attribute back.
default_encoding = "utf-8"
if default_encoding != sys.getdefaultencoding():
    reload(sys)
    sys.setdefaultencoding(default_encoding)
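def main():
    """Print the TCP payload of IPv4 segments sent to the monitored MySQL endpoints.

    Opens a live capture on ``monitor_interface`` and, for every frame whose
    destination address is in ``check_dst_ip`` and whose destination TCP port
    is in ``check_dst_port``, prints ``src->dst: payload`` to stdout. The loop
    runs until the capture ends or the process is interrupted.

    Operational notes:
      * Opening a live capture normally needs elevated privileges on the host,
        so run this only where that access is authorised.
      * The payload is printed as received. For client connections that do not
        use TLS this is the statement text in clear, including any literal
        values it carries; treat the output as sensitive data. For TLS
        connections the payload is ciphertext and nothing useful is printed.
      * No capture filter is installed, so every frame seen on the interface
        is handed to this process and filtered here in Python.
    """
    # Interface to capture on.
    monitor_interface = "eth0"
    # Destination IPs to watch.
    check_dst_ip = ['10.1.1.1']
    # Destination ports to watch.
    check_dst_port = [3306]

    pc = pcap.pcap(name=monitor_interface)
    for _p_time, p_data in pc:
        try:
            # Decode inside the try: a truncated or malformed frame must not
            # stop the capture loop.
            frame = dpkt.ethernet.Ethernet(p_data)
            ip_data = frame.data
            # Only IPv4 is handled; ARP, IPv6 and undecoded payloads are skipped
            # explicitly instead of relying on an exception being swallowed.
            if not isinstance(ip_data, dpkt.ip.IP):
                continue
            lay_4_data = ip_data.data
            if not isinstance(lay_4_data, dpkt.tcp.TCP):
                continue
            # bytearray() yields integers on both Python 2 and Python 3, so the
            # dotted-quad formatting does not depend on ord() over str bytes.
            src_ip = '.'.join(str(octet) for octet in bytearray(ip_data.src))
            dst_ip = '.'.join(str(octet) for octet in bytearray(ip_data.dst))
        except Exception:
            # Best effort per frame. Unlike a bare ``except:``, this lets
            # KeyboardInterrupt and SystemExit through so the tool can be stopped.
            continue

        if dst_ip not in check_dst_ip or lay_4_data.dport not in check_dst_port:
            continue

        payload = lay_4_data.data
        # Segments without data (handshake, bare ACKs) carry no statement.
        if not payload:
            continue

        print("%s->%s: %s" % (src_ip, dst_ip, payload))
        # To report only traffic that mentions a given table or column, test the
        # payload before printing, e.g. ``if b"table_name" in payload:``.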
# Start the capture only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()