1

While troubleshooting a MySQL issue, I came across this command at commandlinefu:

tshark -i any -T fields -R mysql.query -e mysql.query

I am trying to understand it before I actually use it. Looking at the man page helped me understand the options used. The MySQL filter documentation was also helpful. However, how can I actually see what the filter looks like? I'm assuming all the filters are saved in a directory somewhere. Is this assumption incorrect?

quanta
  • 51,413
  • 19
  • 159
  • 217
Belmin Fernandez
  • 10,799
  • 27
  • 84
  • 148

1 Answers1

1

On CentOS they're all compiled into /usr/lib/libwireshark.so

All of the filters are called dissectors within the source code and are located in epan/dissectors.

The MySQL dissector is epan/dissectors/packet-mysql.c

Rob Olmos
  • 2,240
  • 1
  • 15
  • 26