Visualize a tcpdump capture from a Kubernetes pod in Wireshark in real time
Run tcpdump on a pod and then (live) see that information through Wireshark locally on my machine. The magic of ssh and fifo.

Topology
--------
[laptop with wireshark] ------> [AKS Node] ----> [POD (tcpdump is here)]

1. Create the fifo on your local machine (where Wireshark will run):

    mkfifo /tmp/remote-capture.fifo

2. Execute the following command to send traffic from within a pod to stdout. This will then be redirected to the fifo locally:

    kubectl exec blog-frontend-787869dbc-dds95 -- tcpdump -s 0 -n -w - -U -i eth0 not port 22 > /tmp/remote-capture.fifo

3. Open Wireshark:

    wireshark -kni /tmp/remote-capture.fifo
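
The three steps combined into one script, as an added example that is not part of the original gist. It keeps the capture in a private FIFO instead of a fixed path in /tmp; the function names, the argument order and the "default" namespace fallback are assumptions made for this example.

```shell
#!/bin/sh
# Added example: steps 1-3 in one script, with the FIFO kept private.
# Usage (assumed file name): ./pod-capture.sh <pod> [namespace] [interface]
set -eu

# Step 1, hardened. /tmp/remote-capture.fifo is a predictable, shared path and
# plain mkfifo leaves the mode to the umask. The capture may hold credentials
# and session data, so use a mktemp directory (0700) and a 0600 FIFO.
make_private_fifo() (
  dir=$(mktemp -d "${TMPDIR:-/tmp}/remote-capture.XXXXXX")
  mkfifo -m 600 "$dir/capture.fifo"
  printf '%s\n' "$dir/capture.fifo"
)

capture() {
  pod=$1
  namespace=${2:-default}
  iface=${3:-eth0}
  fifo=$(make_private_fifo)
  # Remove the FIFO and its directory when the script exits or is interrupted.
  trap 'rm -rf "${fifo%/*}"' EXIT
  trap 'exit 130' INT TERM

  # Step 3 first, in the background: opening a FIFO for writing blocks until
  # a reader has it open, so Wireshark must be attached for step 2 to proceed.
  wireshark -k -n -i "$fifo" &

  # Step 2: same tcpdump options as above; pcap goes to stdout, then the FIFO.
  kubectl exec -n "$namespace" "$pod" -- \
    tcpdump -s 0 -n -w - -U -i "$iface" not port 22 > "$fifo"
}

# Only start a capture when a pod name is given.
if [ "$#" -gt 0 ]; then
  capture "$@"
fi
```

tcpdump must be present in the container image, and the account behind kubectl needs permission to exec into the pod.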