Mysql – Cannot get a TCPdump from MySQL


I am having quite a few problems on a tricky server.

One of my main problems at the moment is that tcpdump cannot seem to get the packets sent to mysql, unless I tinker with MySQL a bit.

This is what I run:

tcpdump -s 65535 -x -nn -q -tttt -i any -c 99999 port 3306

When I run this, no output is shown.

If however, I log into mysql using

mysql -h

..then tcpdump does show some output.

My problem is that the current traffic coming from apache does not show up using tcpdump and I do not know if I need to change a parameter in tcpdump, MySQL or apache.

Some more info:

netstat -tap | grep mysql

tcp        0      0 *:mysql   *:*                         LISTEN      2238/mysqld

cat /etc/hosts               localhost localhost.localdomain

Can anyone please help?

Best Answer

You're not seeing the traffic using tcpdump because MySQL isn't using TCP, it's using a Unix socket. You need to configure the database client (presumably a PHP application, although I guess in theory you could be using Apache itself to talk to MySQL) to connect to, because localhost (typically the default) is a special value that means "use a Unix socket" to the MySQL client library.