Created
May 20, 2022 12:27
-
-
Save rnemeth90/12ba652e14f62f540bc30277e3e470f5 to your computer and use it in GitHub Desktop.
Live Packet Capture of a Pod in Kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Summary: | |
| Run tcpdump on a pod and then see that information through Wireshark locally on my machine. | |
| Topology | |
| -------- | |
| [laptop with wireshark] ------> [AKS Node] ------> [POD (tcpdump is here)]. | |
| ##1. Create the fifo on your local machine (where wireshark will run) | |
| ``` | |
| mkfifo /tmp/remote-capture.fifo | |
| ``` | |
| ##2. Execute the following command to send traffic from within a POD to the stdout. This will then be redirected to the fifo locally | |
| ``` | |
| kubectl exec < pod name > -- tcpdump -s 0 -n -w - -U -i eth0 not port 22 > /tmp/remote-capture.fifo | |
| ``` | |
| ##3. Open Wireshark | |
| ``` | |
| wireshark -kni /tmp/remote-capture.fifo | |
| ``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment