Skip to content

Latest commit

 

History

History
55 lines (36 loc) · 1.75 KB

dynamic-packet-capture.md

File metadata and controls

55 lines (36 loc) · 1.75 KB
Raw

Module 12: Dynamic packet capture

Goal: Configure packet capture for specific pods and review captured payload.

Steps

  1. Configure packet capture.

    Navigate to demo/60-packet-capture and review YAML manifests that represent packet capture definition. Each packet capture is configured by deploing a PacketCapture resource that targets endpoints using selector and labels.

    Deploy packet capture definition to capture packets for dev/nginx pods.

    kubectl apply -f demo/60-packet-capture/nginx-pcap.yaml

    Once the PacketCapture resource is deployed, Calico starts capturing packets for all endpoints configured in the selector field.

  2. Install calicoctl CLI

    The easiest way to retrieve captured *.pcap files is to use calicoctl CLI.

    # download and configure calicoctl
curl -o calicoctl -O -L https://docs.tigera.io/download/binaries/v3.7.0/calicoctl
chmod +x calicoctl
sudo mv calicoctl /usr/local/bin/
calicoctl version

  3. Fetch and review captured payload.

    The captured *.pcap files are stored on the hosts where pods are running at the time the PacketCapture resource is active.

    Retrieve captured *.pcap files and review the content.

    # get pcap files
calicoctl captured-packets copy dev-capture-nginx --namespace dev

ls dev-nginx*
# view *.pcap content
tcpdump -Ar dev-nginx-XXXXXX.pcap
tcpdump -Xr dev-nginx-XXXXXX.pcap

  4. Stop packet capture

    Stop packet capture by removing the PacketCapture resource.

    kubectl delete -f demo/60-packet-capture/nginx-pcap.yaml

Congratulations! You have finished all the labs in the workshop.