Performing packet captures of containers running on a TKGm node

search cancel

Performing packet captures of containers running on a TKGm node

book

Article ID: 426402

calendar_today

Updated On:

Products

VMware Telco Cloud Automation

Issue/Introduction

instructions on how to perform a packet capture of a container running on a TKGm node.

Environment

3.x

Resolution

1. SSH to the node where the POD/Container is running

2. Identify the container

# crictl ps

CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running nodeconfig-daemon 9   xxxxxxxxxxxxx nodeconfig-daemon-b9b29
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running coredns 1   xxxxxxxxxxxxx coredns-584c9f848-pd69h
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running calico-node 2   xxxxxxxxxxxxx calico-node-8wfpv
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running kube-multus 3   xxxxxxxxxxxxx kube-multus-ds-l6pgf
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running liveness-probe 3   xxxxxxxxxxxxx vsphere-csi-node-rk6zl
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running vsphere-csi-node 12372   xxxxxxxxxxxxx vsphere-csi-node-rk6zl
c46edf15xxxxx   xxxxxxxxxxxxx 2 months ago Running node-driver-registrar 4   xxxxxxxxxxxxx vsphere-csi-node-rk6zl
xxxxxxxxxxxxx xxxxxxxxxxxxx 2 months ago Running kube-proxy 3   xxxxxxxxxxxxx kube-proxy-mlp9w

3. Next, identify the container ID for the pod that is not receiving traffic, and retrieve the container’s PID by running the following command:

# CONTAINER_PID=$(sudo crictl inspect --output go-template --template '{{.info.pid}}' c46edf15xxxxx)

# echo $CONTAINER_PID
1471

4. Once you have the CONTAINER_PID you can capture the traffic on the node for the container/pod using the nsenter command

sudo nsenter -t $CONTAINER_PID -n tcpdump -i eth0 -w traffic_capture.pcap

Feedback

thumb_up Yes

thumb_down No