Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to find all the outgoing network traffic from a pod in k8s

Tags:

kubernetes

kubernetes-pod

Is there any command or anything to find the all outgoing traffic from a pod.

like image 316
Anonymous Avatar asked Oct 19 '25 03:10

Anonymous

1 Answers

To find all the IP addresses your application is talking to, you will have to capture the network traffic on the pod's network interface. This can be done using tcpdump. Once captured, it can be easily read using tcpdump or on GUI tools like wireshark.

Incase you have the capability to install tcpdump on the running container, you can download and run it. Eg:

apt-get install tcpdump

Then capture and save the file in a .pcap format

tcpdump -w 0001.pcap -i eth0

To read and analyze captured packet 0001.pcap file use the command with -r option

tcpdump -r 0001.pcap

Rather than reading using tcpdump, you can export the .pcap file to your local workspace and open it on wireshark(which can understand pcap). This will give you a nice interface.

If you are not able to download tcpdump on the container then you will have to include it in the image.(which will add unnecessary bloat to the image)

Other options are mentioned below:

  1. ksniff (will need to run privileged pod)
  2. Ephemeral debug container (available from k8s v1.23 only)

Ksniff

https://github.com/eldadru/ksniff - Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark

Ksniff is shipped as a kubectl plugin that allows using tcpdump and Wireshark to capture traffic on a specific pod within a cluster. Ksniff uses kubectl to upload a tcpdump binary (packet sniffer) to the target container, and redirects the output to the Wireshark instance running in your machine.

This blog explains more - https://kubesandclouds.com/index.php/2021/01/20/ksniff/

Ephemeral debug containers

k8s (from k8s v1.23) provide a way to attach temporary containers to a running pod and run debugging utilities.

kubectl -n myns debug -i nginx-9456bbbf9-97gjc --image=nicolaka/netshoot –-target=nginx -- tcpdump -i eth0 -w - | wireshark -k -i -

–-target here is the container to be debugged.

This command will attach a container which includes tcpdump to the pod and capture traffic on eth0 interface. The captured data is then piped to wireshark of inspection.

like image 108
ns94 Avatar answered Oct 21 '25 22:10

ns94
Sign in to Comment

Related questions

Kubernetes not claiming persistent volume - "failed due to PersistentVolumeClaim is not bound: "task-pv-claim", which is unexpected."
Increasing the maxPods of a k8s node
cert-manager - Acme Http Solver Returns 404
Do Kubernetes liveness probes run in parallel with your application?
How to automatically force delete pods stuck in 'Terminating' after node failure?
How MetalLB works in Kubernetes
access k8s service hosted by minikube from another machine

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!