How to get tcpdump for containers inside Kubernetes pods

Article ID: 298514

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Many pods are built on a limited OS image and are missing common utilities, so it may not be possible to run a network packet capture from inside the pod. Instead, you can run the capture from the worker node the pod is running on.

Environment


Resolution

Find the container ID and the node your app is running on:

kubectl get pod mypod -o json
:
"containerID": "containerd://131d21a08091ff05303e3f574afc656a010787a9a2a2345f2bc2698780e5bd97",
:
"hostIP": "10.###.###.2",


Then, from the worker with the IP "10.###.###.2", find the pod's unique network interface index from inside its container:

 

crictl ps | grep 131d21a  

crictl exec -i 131d21a08091f /bin/bash -c 'cat /sys/class/net/eth0/iflink'
13

Then take that result and locate the interface with the same index on the worker. Match the whole line (-x) so that 13 does not also match 113 or 130:

for i in /sys/class/net/veth*/ifindex; do grep -lx 13 "$i"; done
/sys/class/net/veth235ab8ff/ifindex

or

ip link | grep '^13:'
13: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default

From this we see that the virtual interface of the container is 'veth235ab8ff'. We can run the network packet capture on that interface:

tcpdump -i veth235ab8ff
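
The lookup steps above, combined into two shell functions for use on the worker node. This is an added example, not part of the original article: the function names find_host_veth and pod_veth are hypothetical, and it assumes the container image provides cat and that the pod's interface is eth0.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# find_host_veth IFLINK [NET_DIR]
# Print the host veth whose ifindex equals IFLINK exactly.
# NET_DIR defaults to /sys/class/net; it is a parameter so the lookup
# can be exercised against a constructed directory tree.
find_host_veth() {
    want=$1
    net_dir=${2:-/sys/class/net}
    for f in "$net_dir"/veth*/ifindex; do
        [ -r "$f" ] || continue          # glob matched nothing, or unreadable
        idx=$(cat "$f")
        # String equality on the whole value: 13 must not match 113 or 130.
        if [ "$idx" = "$want" ]; then
            basename "$(dirname "$f")"
            return 0
        fi
    done
    return 1
}

# pod_veth CONTAINER_ID
# Read eth0's iflink inside the container (assumes the image has cat),
# validate that it is a number, then map it to the host-side veth.
pod_veth() {
    cid=$1
    iflink=$(crictl exec -i "$cid" cat /sys/class/net/eth0/iflink) || return 1
    case $iflink in
        ''|*[!0-9]*)
            echo "unexpected iflink value: $iflink" >&2
            return 1 ;;
    esac
    find_host_veth "$iflink"
}

# Usage on the worker node, after sourcing this file:
#   tcpdump -i "$(pod_veth 131d21a08091f)" -w /tmp/mypod.pcap
```

Writing the capture to a file with -w lets you copy it off the node and analyze it elsewhere.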