Created
July 24, 2017 23:36
Using tcpdump to spy on an elasticsearch docker container
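# First, attach to the docker container
bay attach elasticsearch
# Now install tcpdump
apt-get update && apt-get install tcpdump
# Now run it, printing (-A, as ASCII) every packet on port 9200 that carries TCP data.
# The ip[...]/tcp[...] arithmetic computes the payload length, so empty segments
# (bare SYN/ACK/FIN) are skipped; -s 0 captures whole packets instead of truncating them.
tcpdump -A -s 0 'tcp port 9200 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'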