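I need to capture all MySQL requests/responses with tcpdump, and then work out which response belongs to which request, so that I can calculate the response time of each request.
I used the following tcpdump command: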
tcpdump -ixenbr0 -s 400 -n -A 'port 3306'
and got the following result for a single SQL query (I only copy-pasted one example; there are many more captured packets):
01:05:57.010702 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [P.], seq 1881250501:1881250506, ack 259893378, win 1444, options [nop,nop,TS val 12664899 ecr 12667456], length 5
E..9..@[email protected]../..p!...}......1b.....
[email protected]@.....
01:05:57.010907 IP 192.168.87.243.3306 > 192.168.87.242.41775: Flags [P.], seq 1:12, ack 5, win 1771, options [nop,nop,TS val 12667525 ecr 12664899], length 11
E..?.1@[email protected]..../.}..p!......1h.....
..J...@C...........
01:05:57.010974 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [.], ack 12, win 1444, options [nop,nop,TS val 12664899 ecr 12667525], length 0
E..4..@[email protected]../..p!...}......1].....
[email protected].
01:05:57.011028 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [P.], seq 5:235, ack 12, win 1444, options [nop,nop,TS val 12664899 ecr 12667525], length 230
E.....@[email protected]../..p!...}......2C.....
[email protected] se.socialeventid,se.title From SOCIALEVENT as se,PERSON_SOCIALEVENT as ps where se.socialeventid=ps.socialeventid and se.eventtimestamp>=CURRENT_TIMESTAMP and ps.username='ew4bp7yd2ie' ORDER BY se.eventdate ASC limit 3
01:05:57.011483 IP 192.168.87.243.3306 > 192.168.87.242.41775: Flags [P.], seq 12:242, ack 235, win 1771, options [nop,nop,TS val 12667525 ecr 12664899], length 230
E....2@[email protected]..../.}..p!......2C.....
[email protected]^Msocialeventid^Msocialeventid.?...........1....def.olio.se.SOCIALEVENT.title.title...d.......................629.rrt yllpxmtluc cqwz .....979.ekgvvvxsbdei j n .....2590.bekmkggqmd apboxhxi .........
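Suppose I have a very busy server that handles a large number of requests and responses. So I have a few questions:
How can I find out which of these packets is a request? (What should it start with? What are these characters?)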
E..9..@[email protected]../..p!...}......1b.....
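How can I find out which of these packets is a response?
How can I find out which request packet belongs to which response packet?
Any help would be greatly appreciated.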
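
One way to pair requests and responses from this kind of output, added here as an example that is not part of the original post: data sent to port 3306 is a request, data sent from it is a response, and the response that belongs to a request is the server packet whose ack equals the relative sequence number at which the request ended (ack 235 for the request seq 5:235 above). The function name response_times is made up for this example, and it assumes tcpdump's default relative sequence numbers (no -S) and one outstanding request per connection.

```python
import re
from datetime import datetime

HDR = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): Flags \[[^\]]*\], "
                 r"(?:seq (\d+)(?::(\d+))?, )?(?:ack (\d+), )?.* length (\d+)")

# The five packet header lines from the capture in the post (payload lines left out).
SAMPLE = """\
01:05:57.010702 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [P.], seq 1881250501:1881250506, ack 259893378, win 1444, options [nop,nop,TS val 12664899 ecr 12667456], length 5
01:05:57.010907 IP 192.168.87.243.3306 > 192.168.87.242.41775: Flags [P.], seq 1:12, ack 5, win 1771, options [nop,nop,TS val 12667525 ecr 12664899], length 11
01:05:57.010974 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [.], ack 12, win 1444, options [nop,nop,TS val 12664899 ecr 12667525], length 0
01:05:57.011028 IP 192.168.87.242.41775 > 192.168.87.243.3306: Flags [P.], seq 5:235, ack 12, win 1444, options [nop,nop,TS val 12664899 ecr 12667525], length 230
01:05:57.011483 IP 192.168.87.243.3306 > 192.168.87.242.41775: Flags [P.], seq 12:242, ack 235, win 1771, options [nop,nop,TS val 12667525 ecr 12664899], length 230
"""

def response_times(capture, port=3306):
    """Return (client, request time, seconds until the first response packet)."""
    seen = set()   # connections whose first packet (printed absolute) was already read
    pending = {}   # (client, server) -> (time of first request segment, relative seq end)
    out = []
    for line in capture.splitlines():
        m = HDR.match(line)
        if not m:
            continue                          # payload text, not a packet header
        ts, src, dst, start, end, ack, length = m.groups()
        conn = frozenset((src, dst))
        first = conn not in seen              # tcpdump prints only this packet absolute
        seen.add(conn)
        if end is None or ack is None or length == "0":
            continue                          # SYN, FIN or pure ACK: carries no data
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        start, end, ack = int(start), int(end), int(ack)
        if dst.endswith(f".{port}"):          # data towards the server: a request
            if first:
                end -= start                  # turn the absolute end into an offset
            pending[(src, dst)] = (pending.get((src, dst), (t,))[0], end)
        elif src.endswith(f".{port}") and (dst, src) in pending:
            sent, want = pending[(dst, src)]
            if ack == want:                   # server has acknowledged the whole request
                out.append((dst, sent.strftime("%H:%M:%S.%f"),
                            (t - sent).total_seconds()))
                del pending[(dst, src)]
    return out

if __name__ == "__main__":
    for client, sent, secs in response_times(SAMPLE):
        print(f"{client} request at {sent}: {secs * 1e6:.0f} us")
```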