@AndresPineros
Forked from dcasati/tcpdump-kubernetes
Created August 29, 2022 23:01
Visualize a tcpdump capture from a Kubernetes pod in Wireshark in real time

Run tcpdump on a pod and then see that traffic live in Wireshark, locally on my machine. The magic of ssh and a FIFO.

Topology
--------
[laptop with wireshark] ------> [AKS Node] ----> [POD (tcpdump is here)]

1. Create the FIFO on your local machine (where Wireshark will run):

   mkfifo /tmp/remote-capture.fifo

2. Execute the following command to send the traffic captured inside the pod to stdout. The output is then redirected to the local FIFO:

   kubectl exec blog-frontend-787869dbc-dds95 -- tcpdump -s 0 -n -w - -U -i eth0 not port 22 > /tmp/remote-capture.fifo

3. Open Wireshark:

   wireshark -kni /tmp/remote-capture.fifo
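
The three steps above combined into one script, as an added example that is not part of the original gist. The function names, the FIFO and WRITER variables and the private-directory location are assumptions of this example: the FIFO lives in a fresh 0700 directory rather than at the fixed /tmp path because the stream carries the pod's traffic, and the kubectl side is backgrounded because opening a FIFO for writing blocks until Wireshark opens it for reading.

```sh
#!/bin/sh
# Added example: steps 1-3 above as one script. Function names, the FIFO and
# WRITER variables and the private-directory layout are assumptions.

# Step 1: create the FIFO inside a fresh 0700 directory instead of a fixed
# /tmp name, so other local users cannot read the capture or pre-create it.
make_private_fifo() {
  dir=$(mktemp -d "${TMPDIR:-/tmp}/remote-capture.XXXXXX") || return 1
  chmod 700 "$dir" || return 1
  mkfifo -m 600 "$dir/capture.fifo" || return 1
  printf '%s\n' "$dir/capture.fifo"
}

# Remove the FIFO and the directory that holds it.
remove_private_fifo() {
  rm -f -- "$1" && rmdir -- "$(dirname -- "$1")"
}

# Stop the background kubectl stream and delete the FIFO when the script ends.
cleanup() {
  [ -n "${WRITER:-}" ] && kill "$WRITER" 2>/dev/null
  [ -n "${FIFO:-}" ] && remove_private_fifo "$FIFO"
  WRITER='' FIFO=''
}

main() {   # usage: script.sh POD_NAME
  FIFO=$(make_private_fifo) || exit 1
  trap cleanup EXIT
  trap 'exit 130' INT TERM
  # Step 2: same tcpdump options as above. Opening a FIFO for writing blocks
  # until a reader opens it, so this side runs in the background.
  kubectl exec "$1" -- tcpdump -s 0 -n -w - -U -i eth0 not port 22 > "$FIFO" &
  WRITER=$!
  # Step 3: Wireshark opens the FIFO for reading, which unblocks the writer.
  wireshark -kni "$FIFO"
}

# Run only when a pod name is given, so the functions can be sourced alone.
if [ "$#" -gt 0 ]; then main "$@"; fi
```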