Home 抓包分析工具ngrep
Post
Cancel

抓包分析工具ngrep

Posted Nov 7, 2018 Updated Oct 17, 2022
By 2pc
1 min read

安装配置

1
2
3
4
5
6
7

wget http://nchc.dl.sourceforge.net/sourceforge/ngrep/ngrep-1.45.tar.bz2
bzip2 -d ngrep-1.45.tar.bz2
tar xvf ngrep-1.45.tar
cd ngrep-1.45
yum install libpcap libpcap-devel -y
./configure --with-pcap-includes=/usr/local/include/pcap 
make & make install

contos7 yum 安装

1
2

rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum  install  ngrep

抓包分析

mysql事务提交过程

客户端

1
2
3
4
5
6
7
8

mysql> begin;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from user limit 2\G;
*************************** 1. row ***************************
mysql> commit;
Query OK, 0 rows affected (0.00 sec)

ngrep抓包显示内容

1
2
3
4

# ngrep -W byline -d eth2 port 3306|grep -E -i -w "select|begin|commit"
.....begin
.....select * from user limit 2
.....commit

还可以试试zipkin,客户端访问这个url

1

http://172.28.3.169:9411/zipkin/traceViewer

抓包显示如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

# ngrep -W byline -d eth2 port 9411
interface: eth2 (172.28.3.0/255.255.255.0)
filter: (ip) and ( port 9411 )
####
T 172.28.24.156:53048 -> 172.28.3.169:9411 [AP]
GET /zipkin/nav_zh.properties HTTP/1.1.
Host: 172.28.3.169:9411.
Connection: keep-alive.
Accept: text/plain, */*; q=0.01.
X-Requested-With: XMLHttpRequest.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36.
Referer: http://172.28.3.169:9411/zipkin/traceViewer.
Accept-Encoding: gzip, deflate.
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7.
.

#
T 172.28.3.169:9411 -> 172.28.24.156:53048 [AP]
HTTP/1.1 404 Not Found.
Content-Encoding: gzip.
Connection: keep-alive.
vary: origin.
Transfer-Encoding: chunked.
Content-Type: application/json;charset=UTF-8.
Date: Wed, 07 Nov 2018 10:38:58 GMT.
.
80.
..........\....0.E..y.......:2..HX4BM,.e(...........R..2D89.=b....x...........tk.....H.k.U.s....{j.I......=.+....}_...$..........

#
T 172.28.3.169:9411 -> 172.28.24.156:53048 [AP]
0a.

只显示Referer

1
2
3
4
5
6
7

# ngrep -W byline -d eth2 port 9411|grep Referer
Referer: http://172.28.3.169:9411/zipkin/traceViewer.
Referer: http://172.28.3.169:9411/zipkin/dependency/.
Referer: http://172.28.3.169:9411/zipkin/dependency/.
Referer: http://172.28.3.169:9411/zipkin/dependency/.
Referer: http://172.28.3.169:9411/zipkin/dependency/.
Referer: http://172.28.3.169:9411/zipkin/traceViewer.
Protocols
tools Protocols NetWork
This post is licensed under CC BY 4.0 by the author.
Recently Updated