Perform tcpdump in Consul-k8s

Bruce L

This guide explains how to use tcpdump in a Kubernetes environment to capture network traffic from a Consul mesh gateway pod using a debug container.

  1. Launch a Debug Container

    Start a debug container for the target pod in the consul namespace. The image nicolaka/netshoot comes with many tools like curl, tcpdump, netstat, etc.

     kubectl -n consul debug -it $MESH_GW_POD --image=nicolaka/netshoot
    

    Note the name of the debug container created (e.g., debugger-xxx). You will need it for the file copy step.

  2. Run tcpdump in the Debug Container

    Inside the debug container, capture network traffic on all interfaces and save it to a .pcap file:

     tcpdump -i any -s0 -w meshgw-dc1.pcap
    
    • -i any: Captures traffic on all network interfaces.

    • -s0: Captures the full packet length.

    • -w meshgw-dc1.pcap: Saves the output to meshgw-dc1.pcap.

    Press Ctrl+C to stop the capture, but do not exit the debug container.

  3. Copy the .pcap File

    Open a new terminal and copy the .pcap file from the debug container to your local machine:

     kubectl -n consul cp $MESH_GW_POD:/root/meshgw-dc1.pcap meshgw-dc1.pcap -c $DEBUG_CONTAINER_NAME
    

    Replace $DEBUG_CONTAINER_NAME with the name of the debug container noted in Step 1.

  4. The .pcap file can be analyzed using tools like Wireshark.
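
The copy step depends on the debug container name noted in Step 1. The script below is an added example, not part of the original post: it looks that name up from the pod spec, copies the capture, and confirms the result is a real pcap file before you open it. The variables NS and PCAP and the function names are assumptions made for this sketch, and it assumes the debug container from Step 1 is the most recently added ephemeral container on the pod.

```shell
#!/bin/sh
# Added example: retrieve the capture from the newest debug container.
# NS, PCAP and the function names are assumptions made for this sketch.
NS="${NS:-consul}"
PCAP="${PCAP:-meshgw-dc1.pcap}"

# Print the newest ephemeral (debug) container in the pod. kubectl debug
# appends to .spec.ephemeralContainers, so the last name is the latest one.
latest_debug_container() {
  names=$(kubectl -n "$NS" get pod "$1" \
    -o jsonpath='{.spec.ephemeralContainers[*].name}') || return 1
  last=""
  for n in $names; do last=$n; done
  [ -n "$last" ] || { echo "no debug container found in $1" >&2; return 1; }
  echo "$last"
}

# Succeed only if the file begins with a pcap or pcapng magic number.
is_pcap() {
  magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \t\n')
  case "$magic" in
    d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
    *) return 1 ;;
  esac
}

# Copy the capture out of the pod, check it, and restrict its permissions.
# Prints the name of the debug container the file came from.
fetch_capture() {
  ctr=$(latest_debug_container "$1") || return 1
  kubectl -n "$NS" cp "$1:/root/$PCAP" "$PCAP" -c "$ctr" >&2 || return 1
  is_pcap "$PCAP" || { echo "$PCAP is not a pcap file" >&2; return 1; }
  chmod 600 "$PCAP"  # full-packet captures can contain credentials
  echo "$ctr"
}

# Usage: sh fetch-capture.sh "$MESH_GW_POD"
[ $# -eq 0 ] || fetch_capture "$1"
```

Run it from the second terminal after stopping tcpdump with Ctrl+C, while the debug container is still open.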
