Sniff Kubernetes Pod requests and headers using tpcdump
Posted Updated  Yuki Sawa Guidea minute read (About 118 words)

Sniff Kubernetes Pod requests and headers using tpcdump

When your fancy observability tools have failed you there’s still trusty tpcdump

The was done on Ubuntu. YMMV on other distros.

Exec into a pod

1
kubectl exec -it my-pod-name sh

Run

1
2
cat /sys/class/net/eth0/iflink
> 588 # container eth id

It should return a number, the container eth id

Now run

1
kubectl describe po my-pod-name | grep Node

To find out the node it’s running on

SSH into the node then run below to find the eni id

1
2
ip link | grep 588
> eni89aabc12345

Now use tcpdump to sniff the requests coming in

1
tcpdump -A -i eni89aabc12345

To capture a specific header

1
tcpdump -A -i eni89aabc12345 | grep -i X-Real-IP -C 5

Recents

Categories

Tags

automation1
aws8
cicd2
cli1
envoy1
kubernetes3
networking1
performance-tests1
python3
serverless4
service-mesh2
spinnaker1

Archives

×