Perform tcpdump in Consul-k8s

Bruce L

This guide explains how to use tcpdump in a Kubernetes environment to capture network traffic from a Consul mesh gateway pod using a debug container.

  1. Launch a Debug Container

    Start a debug container for the target pod in the consul namespace. The image nicolaka/netshoot comes with many tools like curl, tcpdump, netstat, etc.

     kubectl -n consul debug -it $MESH_GW_POD --image=nicolaka/netshoot
    

    Note the name of the debug container created (e.g., debugger-xxx). You will need it for the file copy step.

  2. Run tcpdump in the Debug Container

    Inside the debug container, capture network traffic on all interfaces and save it to a .pcap file:

     tcpdump -i any -s0 -w meshgw-dc1.pcap
    
    • -i any: Captures traffic on all network interfaces.

    • -s0: Captures the full packet length.

    • -w meshgw-dc1.pcap: Saves the output to meshgw-dc1.pcap.

    Press Ctrl+C to stop the capture, but do not exit the debug container.

  3. Copy the .pcap File

    Open a new terminal and copy the .pcap file from the debug container to your local machine:

     kubectl -n consul cp $MESH_GW_POD:/root/meshgw-dc1.pcap meshgw-dc1.pcap -c $DEBUG_CONTAINER_NAME
    

    Replace $DEBUG_CONTAINER_NAME with the name of the debug container noted in Step 1.

  4. The .pcap file can be analyzed using tools like Wireshark.
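
The copied file can also be summarized with a script. The following is an added example, not part of the original guide: a small Python reader for the classic pcap format that tcpdump writes, counting IPv4/TCP packets per flow. Because step 2 captures with -i any, frames carry a Linux "cooked" header (link type 113 or 276) instead of an Ethernet header; the function names and the sample packet (addresses and ports) are constructed for illustration.

```python
import struct
from collections import Counter

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # little-endian file
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}  # big-endian file
# link type -> (offset of 2-byte protocol field, link header length)
LINK_LAYERS = {1: (12, 14),    # Ethernet: capture on a single interface
               113: (14, 16),  # LINUX_SLL: "cooked" header from -i any
               276: (0, 20)}   # LINUX_SLL2: -i any on newer tcpdump/libpcap

def read_packets(data):
    """Yield (linktype, frame) for each record of a classic pcap file."""
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0] & 0xFFFF
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        if pos + 16 + incl_len > len(data):
            break  # last record cut short, e.g. copied while still writing
        yield linktype, data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def tcp_flows(data):
    """Count IPv4/TCP packets per (src, sport, dst, dport)."""
    flows = Counter()
    for linktype, frame in read_packets(data):
        if linktype not in LINK_LAYERS:
            raise ValueError(f"unsupported link type {linktype}")
        proto_off, hdr_len = LINK_LAYERS[linktype]
        ip = frame[hdr_len:]
        if frame[proto_off:proto_off + 2] != b"\x08\x00" or len(ip) < 20:
            continue  # not IPv4, or IP header cut off
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 4:
            continue  # not TCP, bad header length, or ports cut off
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        flows[(src, sport, dst, dport)] += 1
    return flows

def sample_capture(linktype=113):
    """Constructed one-packet capture: 10.0.0.1:40000 -> 10.0.0.2:8443."""
    off, hdr_len = LINK_LAYERS[linktype]
    link = bytes(off) + b"\x08\x00" + bytes(hdr_len - off - 2)
    ip = bytes.fromhex("4500002800000000400600000a0000010a000002")
    frame = link + ip + struct.pack("!HH", 40000, 8443) + bytes(16)
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
```

To run it on the real capture, pass the file contents: `tcp_flows(open("meshgw-dc1.pcap", "rb").read()).most_common(10)`.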
