Kubernetes: capturing a Pod's packets inside the Pod and on its host

Time:11-17

There are two ways to capture a pod's packets:
A, enter the pod and capture with tcpdump (tcpdump must be installed in the image)
1, kubectl get pod -o wide | grep podname
2, kubectl exec -it podname -- /bin/bash
3, tcpdump -i any -vnn -w name.pcap host 177.177.202.43 and udp and port 162

B, capture on the Pod's host
Basic principle: use nsenter to switch into the container's network namespace.
Steps:
1, first find which node the pod is running on: kubectl get pod -o wide | grep podname (the capture can only be done on that node),

2, log in to the node and use docker ps | grep XXX to find the running docker container; its container ID is referred to below as $CID,
[root@160 ~]# docker ps | grep alarm
02aca4d677c2 matrix-registry.h3c.com:8088/platt/itom-alarm-dm "/opt/iMC/server/bin..." 7 days ago Up 7 days k8s_itom - alarm - dm_itom - alarm - b4cbbcb dm - 78-46 r58_service - software_fc16782d BFB - 572 - f - 4-8 bf0-9 ed6b47a31b7_0

3, use docker inspect --format "{{.State.Pid}}" $CID to obtain the process ID of the docker container, referred to below as $PID,
[root@160 ~]# docker inspect --format "{{.State.Pid}}" 02aca4d677c2
9573

4, use nsenter to switch network namespace, with the command: nsenter -n -t $PID
[root@160 ~]# nsenter -n -t 9573
[root@160 ~]#
Note that this command prints nothing on success, so no news is good news

5, view the network interfaces of the current namespace, with the command: ip addr or ifconfig
eth0@if3339: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:38:1 a: 5 brd 53:8 1:8 ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 177.177.56.212/32 scope global eth0
       valid_lft forever preferred_lft forever
Note: the interface name is only the part before the @ symbol, in this case eth0

6, everything is now ready and you can capture with tcpdump, as shown below:
tcpdump -i eth0 -w 1.pcap
Apart from -i, which binds the capture to the interface, the other parameters can be added or removed as needed; this is no different from an ordinary tcpdump capture

7, analyze the capture file with Wireshark
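
Steps 2 to 6 of the host-side method combined into one script, as an added example that is not part of the original article; the function names and the default output file are assumptions. It runs tcpdump through nsenter instead of switching the login shell, and refuses a PID of 0, which docker inspect reports for a container that is not running.

```shell
#!/usr/bin/env bash
# Added example: host-side capture of one container's traffic.
# Function names and the default file name are assumptions for illustration.

# Accept only a positive integer. docker inspect prints 0 for a container
# that is not running, and nsenter must not be pointed at that.
valid_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Read `ip addr` output on stdin and print the usable interface names,
# i.e. the part before "@" (eth0@if3339 -> eth0), skipping loopback.
iface_names() {
    awk '/^([0-9]+: )?[A-Za-z0-9_.-]+(@[A-Za-z0-9_.-]+)?: </ {
        name = ($1 ~ /^[0-9]+:$/) ? $2 : $1
        sub(/:$/, "", name); sub(/@.*/, "", name)
        if (name != "lo") print name
    }'
}

# capture_container <CID> [output file]: must be run as root on the pod's node.
capture_container() {
    cid=$1; out=${2:-capture.pcap}
    pid=$(docker inspect --format '{{.State.Pid}}' "$cid") || return 1
    valid_pid "$pid" || { echo "container $cid is not running (pid=$pid)" >&2; return 1; }
    iface=$(nsenter -n -t "$pid" ip addr | iface_names | head -n 1)
    [ -n "$iface" ] || { echo "no interface in the namespace of pid $pid" >&2; return 1; }
    # tcpdump runs inside the container's network namespace; this shell stays on the host.
    nsenter -n -t "$pid" tcpdump -i "$iface" -w "$out"
}

if [ "$#" -gt 0 ]; then capture_container "$@"; fi
```

Because the capture file is written by a process that only changed its network namespace, it lands in the node's filesystem and can be copied off the node for Wireshark directly.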
