rhthsa/tcp-dump-node-and-pod

TCP Dump Node and Pod

TCP dump node

  • Start debug node

    oc debug -t node/$NODE
  • Run tcpdump on worker node

    # ${HOSTNAME}_ in braces: $HOSTNAME_ would be read as an (unset) variable named HOSTNAME_
    FILENAME="/host/var/tmp/${HOSTNAME}_$(date +%d_%m_%Y-%H_%M_%S-%Z).pcap"
    tcpdump -nn -s 0 -i "$INTERFACE" -w "$FILENAME" host "$DESTINATION"

    Remark: use the command ip address to find the interface name.

  • Copy pcap file from worker node

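    # Run from your workstation, with FILENAME set to the same path used on the node
    oc debug node/$NODE -- dd if="$FILENAME" | dd of="$(basename "$FILENAME")"
    oc debug node/$NODE -- rm -f "$FILENAME"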

TCP dump pod

  • Find out which node the pod you want to capture from is running on, using the command oc get po -o wide

  • Start debug node

    oc debug node/$NODE

    Sample output

    Temporary namespace openshift-debug-rfdpz is created for debugging node...
    Starting pod/ip-10-0-148-0us-east-2computeinternal-debug ...
    To use host binaries, run `chroot /host`
    Pod IP: 10.0.148.0
    If you don't see a command prompt, try pressing enter.

    Record the namespace and pod name for use in a later step

  • Install toolbox

    • run chroot

      chroot /host
    • login to Red Hat registry

      podman login registry.redhat.io

      Sample output

      Username: <username>
      Password: 
      Login Succeeded!
    • Pull support-tools

      podman pull registry.redhat.io/rhel8/support-tools

      Sample output

      Trying to pull registry.redhat.io/rhel8/support-tools:latest...
      Getting image source signatures
      Checking if image destination supports signatures
      Copying blob 759f022da1c6 skipped: already exists  
      Copying blob 57755749ebfe skipped: already exists  
      Copying config ba7f554429 done  
      Writing manifest to image destination
      Storing signatures
      ba7f5544298a7123e19bbba10171c96c91738a44f7304fc77f8bba13f5fbe3cb
    • Verify that support-tools is already installed

      ls -l /usr/bin/toolbox

      Sample output

      -rwxr-xr-x. 2 root root 7374 Jan  1  1970 /usr/bin/toolbox
    • Exit from chroot

      exit
  • Find pod's process ID

    POD_NAME=<pod name>
    # grep matches substrings: check that exactly one container ID comes back
    cid=$(chroot /host crictl ps | grep "$POD_NAME" | awk '{print $1}')
    pid=$(chroot /host crictl inspect "$cid" | jq '.info.pid')
  • Run tcpdump

    nsenter -n -t $pid -- tcpdump -s 0 -n -i eth0 \
    -w /host/tmp/tcpdump_$(date +%Y-%m-%d-%H-%M-%S).pcap \
    dst host $DEST_HOST and dst port $DEST_PORT

    For example, if the target is a PostgreSQL server running on 172.30.250.21, port 5432:

    DEST_HOST=172.30.250.21
    DEST_PORT=5432
    nsenter -n -t $pid -- tcpdump -s 0 -n -i eth0 \
    -w /host/tmp/tcpdump_$(date +%Y-%m-%d-%H-%M-%S).pcap \
    dst host $DEST_HOST and dst port $DEST_PORT
  • Use another shell to copy the pcap file from the debug pod ($DEBUG_POD and $DEBUG_NAMESPACE are the debug pod name and namespace recorded earlier)

    oc cp $DEBUG_POD:/host/tmp/$FILENAME \
    $FILENAME \
    -n $DEBUG_NAMESPACE 
  • Example result of tcpdump with PostgreSQL as destination
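
A check to run on the workstation after either copy step above, as an added example that is not part of the original repository: it confirms the copied file starts with a pcap or pcapng magic number (any text that lands in the stream ahead of the capture data shifts it) and that it matches a SHA-256 taken on the node. The function names are hypothetical, and running sha256sum on the node through oc debug is an assumption.

```shell
#!/bin/sh
# Added example (not from the repository): check a copied capture file.

# Print the capture format by its first four bytes; return 1 if unrecognised.
pcap_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1) echo "pcap-le-usec" ;;   # classic pcap, little-endian writer
        a1b2c3d4) echo "pcap-be-usec" ;;
        4d3cb2a1) echo "pcap-le-nsec" ;;
        a1b23c4d) echo "pcap-be-nsec" ;;
        0a0d0d0a) echo "pcapng" ;;
        *) return 1 ;;
    esac
}

# verify_capture FILE EXPECTED_SHA256
# 0 = good, 1 = not a capture file (e.g. text ahead of the data), 2 = hash differs
verify_capture() {
    pcap_format "$1" >/dev/null || return 1
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ] || return 2
}

# Intended use (assumption: sha256sum is available in the debug pod):
#   expected=$(oc debug node/$NODE -- sha256sum "$FILENAME" | awk '{print $1}')
#   verify_capture ./capture.pcap "$expected" || echo "copy is not usable"

# Offline demo on a constructed 8-byte header (magic + version 2.4), not a real capture.
demo=$(mktemp)
printf '\324\303\262\241\002\000\004\000' > "$demo"
sum=$(sha256sum "$demo" | awk '{print $1}')
verify_capture "$demo" "$sum" && echo "clean copy: $(pcap_format "$demo")"
{ echo "Starting pod/debug ..."; cat "$demo"; } > "$demo.noisy"
verify_capture "$demo.noisy" "$sum" || echo "noisy copy rejected, status $?"
rm -f "$demo" "$demo.noisy"
```

Captures of database traffic can hold credentials and query data, so delete the node-side file once the local copy verifies.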
