How to snoop traffic going through an application in Diego Cell in Tanzu Application Service for VMs


Article ID: 297486


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

This article explains how you can snoop packets going through applications running on your Tanzu Application Service for VMs deployment and applies to TAS for VMs versions 1.11 and above.

More specifically, this article covers how to find the Linux network interface that is connected to an application so that you can execute the `tcpdump` command to snoop packets.

Besides `tcpdump`, you can use any standard Linux command that operates on the network interface, such as `ip` or `netstat`. Use this approach when you want to debug or troubleshoot applications at the network traffic level.

Note: This requires operator administrative access to your TAS for VMs deployment.

 

Resolution

SSH into the Diego Cell VM as shown in "How to login to an app container as a root" and execute steps 1 - 4. After running these steps, you should be SSH'd into the Diego Cell where your application is running, and you should have located the container instance_guid.


Impact

Run the following command, replacing `<container uuid>` with the uuid of your container. The output is the last three octets of the MAC address of the network adapter inside the container.

/var/vcap/packages/runc/bin/runc --root /run/containerd/runc/garden exec -t <container uuid> /sbin/ip link | grep ether | awk '{print $2}' | cut -f 4-6 -d ':'


Now run this command:

ifconfig | grep "<output_previous_command>" | awk '{print $1}'


This returns the name of the network adapter used by the host side of the container on the Diego Cell. You can snoop on this interface to view all traffic going into and out of the container, for example with `tcpdump -i <interface>` run from the host Diego Cell.

Besides `tcpdump`, you can use any standard Linux command that operates on the network interface, such as `ip` or `netstat`.
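The two lookup steps above combined into one script, as an added example that is not part of the original KB article. It assumes `ip -o link` on the cell in place of `ifconfig`, because newer net-tools builds print the MAC on a separate `ether` line, where `awk '{print $1}'` returns `ether` rather than the interface name; the function names and the sample interface data are constructed.

```shell
#!/bin/sh
# Added example, not from the KB. Names and sample data are constructed.
# stdin: `ip link` output from inside the container. Prints the last three
# MAC octets, like the KB's `grep ether | awk '{print $2}' | cut -f 4-6 -d ':'`.
mac_suffix() {
  awk '$1 == "link/ether" { split($2, o, ":"); print o[4] ":" o[5] ":" o[6]; exit }'
}

# stdin: `ip -o link` output from the Diego Cell; $1: MAC suffix.
# -o prints one record per line, so the name and MAC share a line.
host_iface() {
  awk -v sfx="$1" '{
    name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
    for (i = 3; i < NF; i++)
      if ($i == "link/ether" && tolower(substr($(i + 1), 10)) == tolower(sfx)) { print name; exit }
  }'
}

# $1: container `ip link` text, $2: host `ip -o link` text.
resolve_iface() {
  _sfx=$(printf '%s\n' "$1" | mac_suffix)
  [ -n "$_sfx" ] || { echo "no Ethernet MAC in container output" >&2; return 1; }
  _if=$(printf '%s\n' "$2" | host_iface "$_sfx")
  [ -n "$_if" ] || { echo "no host interface with MAC ending $_sfx" >&2; return 1; }
  printf '%s\n' "$_if"
}

# Constructed sample input (not captured from a real cell).
sample_container_link() { cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1410 qdisc noqueue state UP
    link/ether ee:ee:0a:ff:1e:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
EOF
}
sample_host_link() { cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP\    link/ether 42:01:0a:00:10:0c brd ff:ff:ff:ff:ff:ff
5: s-010255030004@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1410 state UP\    link/ether aa:aa:0a:ff:1e:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
9: s-010255030007@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1410 state UP\    link/ether aa:aa:0a:ff:1e:07 brd ff:ff:ff:ff:ff:ff link-netnsid 1
EOF
}

# Live use on a Diego Cell: pass the container uuid as the first argument.
if [ -n "${1:-}" ]; then
  resolve_iface "$(/var/vcap/packages/runc/bin/runc --root /run/containerd/runc/garden \
    exec "$1" /sbin/ip link)" "$(ip -o link)"
fi
```

The printed name is the value to pass to `tcpdump -i <interface>`; a non-zero exit means no host interface matched and nothing should be captured.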

  • You might inadvertently view sensitive information going through the application's traffic that you are snooping on.
  • This information is based on the implementation details of the Diego Cell, which may change at any time without formal notice.



Additional Information

This is a basic way to get a traffic capture. For more details, please read the KB "How to collect a packet capture from a container and move it to your local machine".