mongosniff provides a low-level operation tracing/sniffing view into database activity in real time. Think of mongosniff as a MongoDB-specific analogue of tcpdump for TCP/IP network traffic. Typically, mongosniff is most frequently used in driver development.
mongosniff requires libpcap and is only available for Unix-like systems. Furthermore, the version distributed with the MongoDB binaries is dynamically linked against aversion 0.9 of libpcap. If your system has a different version of libpcap, you will need to compile mongosniff yourself or create a symbolic link pointing to libpcap.so.0.9 to your local version of libpcap. Use an operation that resembles the following:
ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.0.9
Change the path’s and name of the shared library as needed.
As an alternative to mongosniff, Wireshark, a popular network sniffing tool is capable of inspecting and parsing the MongoDB wire protocol.
Returns information on the options and use of mongosniff.
- --forward <host><:port>¶
Declares a host to forward all parsed requests that the mongosniff intercepts to another mongod instance and issue those operations on that database instance.
Specify the target host name and port in the <host><:port> format.
To connect to a replica set, specify the replica set seed name and the seed list of set members. Use the following format:
- --source <NET [interface]>¶
Specifies source material to inspect. Use --source NET [interface] to inspect traffic from a network interface (e.g. eth0 or lo.) Use --source FILE [filename] to read captured packets in pcap format.
You may use the --source DIAGLOG [filename] option to read the output files produced by the --diaglog option.
Displays invalid BSON objects only and nothing else. Use this option for troubleshooting driver development. This option has some performance impact on the performance of mongosniff.
Specifies alternate ports to sniff for traffic. By default, mongosniff watches for MongoDB traffic on port 27017. Append multiple port numbers to the end of mongosniff to monitor traffic on multiple ports.
mongosniff --source NET lo 27017 27018
mongosniff --objcheck --source NET lo 27018
To build mongosniff yourself, Linux users can use the following procedure:
Obtain prerequisites using your operating systems package management software. Dependencies include:
- libpcap - to capture network packets.
- git - to download the MongoDB source code.
- scons and a C++ compiler - to build mongosniff.
Download a copy of the MongoDB source code using git:
git clone git://github.com/mongodb/mongo.git
Issue the following sequence of commands to change to the mongo/ directory and build mongosniff:
cd mongo scons mongosniff
If you run scons mongosniff before installing libpcap you must run scons clean before you can build mongosniff.