AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Tcpdump wireshark capture1/17/2024 INFO uploading file: '/home/acritelli/.krew/store/sniff/v1.6.2/static-tcpdump' to '/tmp/static-tcpdump' on container: 'nginx' INFO uploading static tcpdump binary from: '/home/acritelli/.krew/store/sniff/v1.6.2/static-tcpdump' to: '/tmp/static-tcpdump' INFO sniffing method: upload static tcpdump INFO no container specified, taking first container we found in pod. INFO using tcpdump path at: '/home/acritelli/.krew/store/sniff/v1.6.2/static-tcpdump' Running kubectl sniff $POD_NAME will begin a packet capture, launch Wireshark, and send the packet capture directly to Wireshark: $ kubectl sniff nginx Once you have installed ksniff and have a pod running, it's time to capture some network traffic. Further configuration is required.įor online documentation and support please refer to If you see this page, the nginx web server is successfully installed and NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIMEĪcritelli-k8s Ready control-plane 3d5h v1.23.3+k0s 10.10.0.207 Ubuntu 20.04.4 LTS 5.14.0-1029-oem containerd://1.5.9įont-family: Tahoma, Verdana, Arial, sans-serif } Nginx NodePort 10.99.139.251 80:32209/TCP 2sįinally, you can confirm that the service is operable with a simple curl to the NodePort service: $ kubectl get nodes -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE While most admins generally avoid NodePort services in production, they provide a convenient way to test a service quickly: $ kubectl expose pod nginx -port 80 -type=NodePort Once the pod is running, you can expose it as a NodePort service. These examples deploy a simple workload on a single-node K0s installation running on my workstation: $ kubectl run -image=nginx nginx I recommend a simple Nginx pod, which you can run with a single command. The best way to get started with ksniff is to perform a packet capture on a familiar workload, such as a basic web server. If you want to follow along and view captured packets in a graphical user interface (GUI) or terminal, you should also install Wireshark and tshark. These plugins are not audited for security by the Krew maintainers. WARNING: You installed plugin "sniff" from the krew-index plugin repository. | | * wireshark (optional, used for live capture) | | This plugin needs the following programs: Once you have Krew installed, you can install ksniff with a single command: $ kubectl krew install sniff You can find installation instructions for Krew on the project's website. The official installation instructions for ksniff recommend using the Krew plugin manager, which is my preferred installation method. Ksniff is a plugin for kubectl, and you must install it before you can start using it. The official ksniff documentation does not yet recommend its use in production, and you should be aware that it uploads a precompiled tcpdump binary to your running pods. Let's get started!ĭisclaimer: The techniques explained in this article should only be used in development environments and with a complete understanding of what you are doing. I'll show you how to capture, filter, and save packets for later analysis. Ksniff is a plugin for kubectl that allows you to capture packets in your Kubernetes pods. This article introduces ksniff, an excellent open source tool that I've been using. However, I've consistently found that viewing the packets traversing the wire is the best way to troubleshoot and understand complex protocol and application-level issues. Basic network tools, such as ping and traceroute, can be helpful during the initial troubleshooting stage. Kubernetes and its associated extensions, such as service meshes, introduce additional network complexity that an administrator must be prepared to tackle.
0 Comments
Read More
Leave a Reply. |