It's often necessary to perform packet captures to debug an issue either in production or non-production setup. This article provides the steps to do the same.
- Be able to pull the image
leodotcloud/swiss-army-knifeeither directly or via HTTP/HTTPS proxy or using a registry mirror or via artifactory.
Here is a quick overview of the process involved: Identify the container or pod where packet capture is needed. SSH to the node where this particular container or pod is running. Figure out the id of the container or the pause container for the pod. Run the debug container attaching to the network namespace of the container identified in the previous step. Exec inside the debug container. Verify the network namespace by checking the IP address of the network interface. Perform the packet capture!
CONTAINER_ID=<insert-value-here> DEBUG_IMAGE=leodotcloud/swiss-army-knife docker run -itd \ --name debug_container \ --net=container:$CONTAINER_ID \ $DEBUG_IMAGE docker exec -it debug_container bash tcpdump -i eth0 -w /tmp/debug_capture.pcap
The container image
leodotcloud/swiss-army-knife is packaged with many tools needed in various debugging scenarios.
Source code for this container image can be found here.
Docker hub page can be found here.
If you find any problems with this image, please file an issue on Github. You are also more than welcome to contribute to this repo by opening a PR (Pull Request)!