Created
March 6, 2019 19:54
visualize a tcpdump capture from a Kubernetes POD on Wireshark in real time
run tcpdump on a POD and then (live) see that information through wireshark locally on my machine. the magic of ssh and fifo

Topology
--------
[laptop with wireshark] ------> [AKS Node] ----> [POD (tcpdump is here)].

1. create the fifo on your local machine (where wireshark will run)

    mkfifo /tmp/remote-capture.fifo

2. execute the following command to send traffic from within a POD to the stdout. This will then be redirected to the fifo locally

    kubectl exec blog-frontend-787869dbc-dds95 -- tcpdump -s 0 -n -w - -U -i eth0 not port 22 > /tmp/remote-capture.fifo

3. open wireshark

    wireshark -kni /tmp/remote-capture.fifo
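
Steps 1-3 as one script, added here as an example and not part of the original gist. It assumes kubectl and wireshark are on the local PATH and tcpdump exists in the pod image; the function names and the private mktemp directory (used in place of the fixed /tmp/remote-capture.fifo path, so other local users cannot read the capture) are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original gist. Usage: script <pod> [interface]

# Step 1: create the FIFO inside a fresh directory from mktemp -d (mode 0700)
# and make the FIFO itself readable and writable by its owner only.
make_capture_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/pod-capture.XXXXXX") || return 1
    mkfifo -m 600 "$dir/capture.fifo" || return 1
    printf '%s\n' "$dir/capture.fifo"
}

# Step 2: the tcpdump command line from the text. The interface name is
# word-split into that command line, so only plain interface names pass.
tcpdump_args() {
    case ${1:-eth0} in
        *[!A-Za-z0-9_.-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    printf 'tcpdump -s 0 -n -w - -U -i %s not port 22\n' "${1:-eth0}"
}

# Stop the background writer and remove the FIFO with its directory.
cleanup() {
    [ -n "${writer:-}" ] && kill "$writer" 2>/dev/null
    [ -n "${fifo:-}" ] && rm -rf "$(dirname "$fifo")"
    return 0
}

capture_main() {
    pod=$1
    args=$(tcpdump_args "${2:-eth0}") || exit 1
    fifo=$(make_capture_fifo) || exit 1
    trap cleanup EXIT
    trap 'exit 130' INT TERM
    # Opening a FIFO for writing blocks until a reader opens it, so the
    # kubectl side runs in the background and waits for Wireshark.
    kubectl exec "$pod" -- $args > "$fifo" &
    writer=$!
    # Step 3: read the live capture from the FIFO.
    wireshark -k -n -i "$fifo"
}

# Run only when a pod name is given on the command line.
[ "$#" -eq 0 ] || capture_main "$@"
```

Closing Wireshark ends the script; the exit trap then stops the kubectl exec session and deletes the FIFO.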