Thursday, March 20, 2014

Understanding TCPDUMP


Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

# ps aux|grep mysql
mysql      882  0.0  0.1 114192  1568 ?        Ss   Mar20   0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql     1039  0.0  4.2 552444 42900 ?        Sl   Mar20   0:02 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64 mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root      1441  0.0  0.0 109400   872 pts/0    S+   00:13   0:00 grep --color=auto mysql
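
The saved packet file that -w writes and -r reads back, as an added example (not code from the original post or from tcpdump itself): Python that reads the classic pcap savefile layout and applies the IPv4 subset of the expression "tcp port N". The packets, addresses and helper names are constructed for illustration, and port 3306 (MySQL's default) is an assumption, since the page does not say which port the mysqld process above listens on.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1  # microsecond-resolution savefile

def build_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame with no payload; checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp

def write_pcap(frames):
    """Serialize (ts_sec, frame) pairs in the little-endian savefile layout."""
    head = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return head + b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in frames)

def read_pcap(data):
    """Yield (ts_sec, frame) from savefile bytes, honouring the file's byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if (order is None or len(data) < 24
            or struct.unpack(order + "I", data[20:24])[0] != LINKTYPE_ETHERNET):
        raise ValueError("expected a microsecond-resolution Ethernet pcap savefile")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(order + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:  # final record cut short by an interrupted capture
            break
        yield ts, frame
        off += 16 + incl

def tcp_ports(frame):
    """Return (sport, dport) for an unfragmented IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if ihl < 20 or frame[23] != 6 or frag_offset or len(frame) < 14 + ihl + 4:
        return None
    return struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])

def filter_port(data, port):
    """IPv4 subset of the expression 'tcp port N': source or destination matches."""
    found = ((ts, tcp_ports(frame)) for ts, frame in read_pcap(data))
    return [(ts, *ports) for ts, ports in found if ports and port in ports]

A, B = (10, 0, 0, 5), (10, 0, 0, 9)  # constructed hosts for the sample capture
SAMPLE = write_pcap([(1, build_frame(A, B, 40000, 3306)), (2, build_frame(B, A, 3306, 40000)),
                     (3, build_frame(A, B, 40001, 22))])
```

To run it against a real capture, pass the bytes of a file written with -w to filter_port.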

I hope you found this useful.