MongoDB bridges the gap between key-value stores (which are fast and highly scalable) and traditional RDBMS systems (which provide rich queries and deep functionality).
The Mongo Wire Protocol is a simple socket-based, request-response style protocol. Clients communicate with the database server through a regular TCP/IP socket.
- TCP: Typically, Mongo uses TCP as its transport protocol. The well known TCP port for Mongo traffic is 27017.
The Mongo dissector is partially functional.(Not support to display BSON Data)
- SampleCaptures/mongodb.pcap Sample of MongoDB Traffic (Query, Reply, Insert, Update, Delete…)
A complete list of MONGO display filter fields can be found in the display filter reference
Show only the MONGO based traffic:
You cannot directly filter Mongo protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the Mongo traffic over the default port (27017):
tcp port 27017
- Mongo Wire Protocol - Documentation about Mongo Wire Protocol
Imported from https://wiki.wireshark.org/Mongo on 2020-08-11 23:16:51 UTC