Procedure
- Identify the application name you wish to capture packets from:
kubectl get deployments.apps -n prelude | awk '{print $1}'
Example: vco-app
- Identify the container ID of the app:
docker ps | grep -v POD | grep <app name from step 1>
Note: Some services, such as vco-app or abx-service, have more than one container.
- Using the container ID, identify its unique network interface:
docker exec <container ID from step 2> /bin/bash -c 'cat /sys/class/net/eth0/iflink'
- Using the result above, identify the virtual interface:
ip link | grep '^##:'
Note: Replace ## with the result of step 3.
- From the above output, identify the virtual interface of the container:
Example:
100: veth09f34def@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1423 qdisc noqueue master cni0 state UP mode DEFAULT group default
- To capture packets on this virtual interface, run the command:
tcpdump -i <virtual interface> -w <file_name>.pcap
Example:
tcpdump -i veth09f34def -w vco-app-capture.pcap
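
The lookup in steps 3 to 5 can be scripted. The following is an added example, not part of the original article: the function names veth_for_ifindex and container_veth are hypothetical, and the sample ip link lines other than the veth09f34def entry are constructed. It compares the whole interface index, so an index of 10 cannot be mistaken for 100 or 1000.

```shell
#!/usr/bin/env bash
# Added example: map a container's eth0 to its host-side veth, then capture.

# Constructed sample of `ip link` output (first entry is the article's example).
SAMPLE_IP_LINK='100: veth09f34def@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1423 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
1000: veth1a2b3c4d@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1423 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 1'

# Read `ip link` output on stdin and print the interface whose index is $1.
# The whole index field is compared, so 10 does not match 100 or 1000.
veth_for_ifindex() {
    case "$1" in
        ''|*[!0-9]*) echo "interface index must be numeric: '$1'" >&2; return 2 ;;
    esac
    awk -v idx="$1" -F': ' '$1 == idx { sub(/@.*/, "", $2); print $2; exit }'
}

# Steps 3-5: read eth0's peer index inside the container, look it up on the host.
container_veth() {
    local idx
    idx=$(docker exec "$1" cat /sys/class/net/eth0/iflink) || return 1
    ip link | veth_for_ifindex "$idx"
}

# Usage: script <container ID> <file_name>.pcap
if [ "$#" -eq 2 ]; then
    veth=$(container_veth "$1")
    [ -n "$veth" ] || { echo "no host veth found for container $1" >&2; exit 1; }
    exec tcpdump -i "$veth" -w "$2"
fi
```

For services with more than one container, run it once per container ID, since each container ID is resolved separately.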