Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Summary
This article explains how to capture TCP traffic at a pod in an Azure Kubernetes Service (AKS) cluster and download the capture to your local computer.
Prerequisites
You must run the Azure CLI version 2.0.59 or a later version.
Run az --version to verify the version. To install the latest version of the Azure CLI, see Install Azure CLI.
Identify the pod and install TCPdump
Identify the name of the pod that you want to capture the TCP packets from. This pod should be the one that has the connectivity problems. To identify the pod, run
kubectl get pods -Ato see the list of pods on your AKS cluster. The following example shows the output:NAME READY STATUS RESTARTS AGE azure-vote-back-2549686872-4d2r5 1/1 Running 0 31m azure-vote-front-848767080-tf34m 1/1 Running 0 31mIf you know the namespace that the pod runs in, you can also run
kubectl get pods -n <namespace>to get a list of pods that are running in that namespace.Connect to the pod that you identified in the previous step. The following commands use
azure-vote-front-848767080-tf34mas the pod name. Replace it with the correct pod name. If the pod isn't in the default namespace, add the--namespaceparameter to thekubectl execcommand.kubectl exec azure-vote-front-848767080-tf34m -it -- /bin/bashAfter you connect to the pod, run
tcpdump --versionto check whether TCPdump is installed. If you receive a "command not found" message, run the following command to install TCPdump in the pod:apt-get update && apt-get install tcpdumpIf your pod uses Alpine Linux, run the following command to install TCPdump:
apk add tcpdump
Capture TCP packets and save them to a local directory
Run
tcpdump -s 0 -vvv -w /capture.capto start capturing TCP packets on your pod.After the packet capture finishes, exit your pod shell session.
Run the following command to save the packets to the current directory:
kubectl cp azure-vote-front-848767080-tf34m:/capture.cap capture.cap