Sometimes we need to debug the network traffic in Kubernetes cluster for our application if any gateway or session timeout errors,In this blog we will see how to analyse the network traffic in Kubernetes cluster.

Step 1:

Get node and container ID,

First we need to know in which node the pod is running and get the container ID for the pod.

To get the node name,

# kubectl get pods -o wide


It is running in k8snode1.com node.

To get the docker container ID,

# kubectl get pods pod-name -o json|grep containerID

eg : kubectl get pods node-red-55c5fc6c9-nj9ls -o json|grep containerID


Now we got the container ID.

Step 2:

Get the network adapter for the docker container,

Find the pod unique network interface index.

# docker exec container-ID  /bin/bash -c 'cat /sys/class/net/eth0/iflink'

eg : docker exec a2b145a6b08480036ba3488f3d049be67965088800823a7ba0f641c988e2163f /bin/bash -c 'cat /sys/class/net/eth0/iflink'


Now find the interface with the id,

# for i in /sys/class/net/*/ifindex; do grep -l ID $i; done

eg : for i in /sys/class/net/*/ifindex; do grep -l 12 $i; done


Now we got the network interface.

Step 3:

Analyse the network traffic of a pod,

Install tcpdump in the node server,

# yum install tcpdump -y

check the network traffic,

# tcpdump -i network-adapter-name

eg : tcpdump -i vethac5c0c48


Below I have given few more tcpdump commands,

To check the output in ascii format,

# tcpdump -i network-adapter-name  -nn -A

To check for any specific port number,

# tcpdump -i network-adapter-name  -nn -A port 8080

Write the tcpdump output in a file,

# tcpdump -i network-adapter-name -A -w file-name.pcap

Read the .pcap file,

# tcpdump -A -r file-name.pcap

That's all in this blog we have seen how to analyse network traffic in Kubernetes container by tcpdump tool.

Post a Comment

Previous Post Next Post