Pivotal Knowledge Base


How to tcpdump for pods


This article applies to PKS clusters running pods under Docker.


Many pods are built on a limited OS and are missing common utilities, so it may not be possible to capture network packets from inside the pod. Instead, you can run the capture from the worker node the pod is running on.


Find the container ID and the node your app is running on:

kubectl get pod mypod -o json
"containerID": "docker://ddaaad0f556d2b1e5d4298bcc22c1701ff15e82c7a335b340334d852abe9af2e",
: "hostIP": "",

Then, from the worker with the IP "", find the pod's unique network interface index inside its container:

docker exec ddaaad0f556d2b1e5d4298bcc22c1701ff15e82c7a335b340334d852abe9af2e /bin/bash -c 'cat /sys/class/net/eth0/iflink'

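Then take the result from that (13 in this example) and locate the interface with that index on the worker. The -x option makes grep match the whole line, so an index such as 113 or 130 is not reported by mistake:

for i in /sys/class/net/veth*/ifindex; do grep -lx 13 "$i"; done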


ip link |grep ^13:
13: veth235ab8ff@flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default

From this we see that the virtual interface of the container is 'veth235ab8ff'. We can use that interface to perform network packet captures:

tcpdump -i veth235ab8ff
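
The steps above can be combined into one helper run on the worker node. This is an added example, not part of the original article: the function names find_veth_by_index and pod_veth are hypothetical, and it assumes the container image provides cat and that the pod's interface is eth0, as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# find_veth_by_index INDEX [NETDIR]
# Print the name of the veth interface whose ifindex equals INDEX exactly.
# NETDIR defaults to /sys/class/net; it is a parameter so the lookup can be
# exercised against a constructed directory tree.
find_veth_by_index() {
    want=$1
    netdir=${2:-/sys/class/net}
    case $want in
        ''|*[!0-9]*)
            echo "interface index must be numeric: '$want'" >&2
            return 2 ;;
    esac
    for f in "$netdir"/veth*/ifindex; do
        [ -r "$f" ] || continue              # glob matched nothing, or unreadable
        if [ "$(cat "$f")" = "$want" ]; then # exact compare: 13 must not match 113
            d=${f%/ifindex}
            echo "${d##*/}"
            return 0
        fi
    done
    echo "no veth interface with ifindex $want under $netdir" >&2
    return 1
}

# pod_veth CONTAINER_ID
# Resolve the worker-side veth peer of the container's eth0.
# Accepts the ID as kubectl prints it, with or without the docker:// prefix.
pod_veth() {
    cid=${1#docker://}
    # Assumption: the image has cat; the article's /bin/bash -c form needs bash too.
    idx=$(docker exec "$cid" cat /sys/class/net/eth0/iflink) || return 1
    find_veth_by_index "$idx"
}

# Usage on the worker (container ID taken from kubectl get pod ... -o json):
#   tcpdump -i "$(pod_veth docker://<container-id>)"
```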


