Pivotal Knowledge Base

How to tcpdump for pods

Environment

PKS Clusters running Pods under docker.  

Purpose

Many pods are built on a limited OS and lack common utilities, so it may not be possible to capture network packets from inside the pod. Instead, you can run the capture from the worker node the pod is running on.

Procedure

Find the container ID and the node your app is running on:

kubectl get pod mypod -o json
:
"containerID": "docker://ddaaad0f556d2b1e5d4298bcc22c1701ff15e82c7a335b340334d852abe9af2e",
:
"hostIP": "10.193.90.92",

Then, from the worker with the IP "10.193.90.92", find the pod's unique network interface index inside its container:

docker exec ddaaad0f556d2b1e5d4298bcc22c1701ff15e82c7a335b340334d852abe9af2e /bin/bash -c 'cat /sys/class/net/eth0/iflink'
13

Then take that result and locate the interface on the worker whose ifindex matches it exactly (grep -x matches the whole line, so 13 does not also match 113 or 130):

for i in /sys/class/net/veth*/ifindex; do grep -lx 13 "$i"; done
/sys/class/net/veth235ab8ff/ifindex

or

ip link | grep '^13:'
13: veth235ab8ff@flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default

From this we see that the virtual interface of the container is 'veth235ab8ff'. We can use that interface to perform network packet captures:

tcpdump -i veth235ab8ff
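The steps above combined into one script to run on the worker node, as an added example that is not part of the original article. The function names and the SYSFS_NET override are assumptions of this example; the lookup compares the whole ifindex value so that 13 cannot match 113, and it rejects a non-numeric iflink.

```shell
#!/bin/sh
# Added example: resolve a container's host-side veth from its eth0 iflink,
# then capture on it. SYSFS_NET is an assumption of this example so the
# lookup can be pointed at a constructed directory tree for testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the veth whose ifindex equals $1 exactly.
# Returns 2 on a non-numeric index, 1 when no veth on this node matches.
find_host_veth() {
    want="$1"
    case "$want" in
        ''|*[!0-9]*) echo "iflink must be a number: '$want'" >&2; return 2 ;;
    esac
    for f in "$SYSFS_NET"/veth*/ifindex; do
        [ -r "$f" ] || continue            # glob matched nothing, or unreadable
        if [ "$(cat "$f")" = "$want" ]; then
            basename "$(dirname "$f")"
            return 0
        fi
    done
    echo "no veth with ifindex $want on this node" >&2
    return 1
}

# Read the peer index of eth0 from inside the container
# (the same docker exec command used in the procedure).
container_iflink() {
    docker exec "$1" /bin/bash -c 'cat /sys/class/net/eth0/iflink'
}

# Usage: sh pod-veth.sh <container-id> [extra tcpdump arguments...]
if [ "$#" -ge 1 ]; then
    cid="$1"; shift
    idx="$(container_iflink "$cid")" || exit 1
    veth="$(find_host_veth "$idx")" || exit 1
    echo "container $cid -> $veth (ifindex $idx)" >&2
    exec tcpdump -i "$veth" "$@"
fi
```

Pass the container ID from the kubectl output as the first argument; anything after it is handed to tcpdump unchanged.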

 
