@simonw
Created July 24, 2017 23:36
Using tcpdump to spy on an elasticsearch docker container
# First, attach to the docker container
bay attach elasticsearch
# Now install tcpdump
apt-get update && apt-get install tcpdump
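# Now run it, sniffing all traffic to and from port 9200
# -A prints each packet's payload as ASCII; -s 0 uses the maximum snapshot length so packets are not truncated
# The filter keeps only TCP segments that carry data: IP total length minus
# IP header length minus TCP header length must be non-zero (drops empty SYN/ACK/FIN packets)
tcpdump -A -s 0 'tcp port 9200 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'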
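
The arithmetic in the filter expression above, worked through in Python as an added example (not part of the original gist). The packets are constructed sample data, and `build_packet`, `payload_length` and `filter_matches` are hypothetical helper names.

```python
import struct

def build_packet(src_port, dst_port, payload=b"", tcp_options=b""):
    """Constructed IPv4+TCP packet for illustration (checksums left as zero)."""
    data_offset = (20 + len(tcp_options)) // 4   # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      data_offset << 4, 0x10, 65535, 0, 0) + tcp_options
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([172, 17, 0, 1]), bytes([172, 17, 0, 2]))
    return ip + tcp + payload

def payload_length(pkt):
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), evaluated by hand."""
    ip_total = int.from_bytes(pkt[2:4], "big")   # ip[2:2]: IP total length field
    ip_hdr = (pkt[0] & 0x0F) << 2                # IHL is in 32-bit words; <<2 gives bytes
    tcp = pkt[ip_hdr:]                           # tcp[] offsets start at the TCP header
    tcp_hdr = (tcp[12] & 0xF0) >> 2              # data offset is the high nibble, in words
    return ip_total - ip_hdr - tcp_hdr

def filter_matches(pkt, port=9200):
    """True when the gist's filter would keep this IPv4 packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:          # IPv4 carrying TCP only
        return False
    ip_hdr = (pkt[0] & 0x0F) << 2
    src, dst = struct.unpack("!HH", pkt[ip_hdr:ip_hdr + 4])
    return port in (src, dst) and payload_length(pkt) != 0

# Constructed sample traffic, not captured from a real container
REQUEST = b"GET /_cluster/health HTTP/1.1\r\nHost: localhost:9200\r\n\r\n"
SAMPLES = {
    "bare ACK to 9200": build_packet(51000, 9200),
    "no data, 12 bytes of TCP options": build_packet(51000, 9200, tcp_options=b"\x01" * 12),
    "HTTP request to 9200": build_packet(51000, 9200, REQUEST),
    "response from 9200": build_packet(9200, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
    "data on another port": build_packet(51000, 5432, b"x"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:35} payload={payload_length(pkt):3} kept={filter_matches(pkt)}")
```

The second sample shows why the filter reads both header-length fields rather than assuming 40 bytes of headers: a segment with TCP options is longer than 40 bytes but still carries no data.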