tshark'ing mysql

gistfile1.txt

live:
tshark -i eth0 -aduration:60 -d tcp.port==3306,mysql -T fields -e mysql.query 'port 3306'

capture:
tcpdump -i eth0 port 3306 -s 1500 -w tcpdump.out
tshark -r tcpdump.out -d tcp.port==3306,mysql -T fields -e mysql.query > query_log.out