容器抓包操作
原创
- 创建容器
~ kubectl run nginx --image nginx:alpine -n default- 获取容器id
~ kubectl describe pod -n default nginx | grep -A10 "^Containers:" |grep "Container ID"
Container ID: docker://3653685272e451eaf1f824dde081abcb218506dc773f30b3f1ac91697ee0df70- 进入容器宿主机,获取pid
ssh xxx
$ sudo docker inspect -f {{.State.Pid}} 3653685272e451eaf1f824dde081abcb218506dc773f30b3f1ac
91697ee0df70
14842- 进入容器的网络命名空间
可以看到容器的ip地址
$ sudo nsenter -n -t 14842
# ip addr
3: eth0@if1293: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether f6:3c:7d:8c:22:12 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.21.2.73/25 brd 172.21.2.127 scope global eth0
valid_lft forever preferred_lft forever- 抓包测试
tcpdump 抓包
tcpdump -i eth0 -nnnn -ttt port 80其他节点向容器发包
nc 172.21.2.73 80抓包结果
00:00:00.000000 IP 10.1.1.91.7860 > 172.21.2.73.80: Flags [S], seq 2688497194, win 29200, options [mss 1460,sackOK,TS val 2157609
545 ecr 0,nop,wscale 9], length 0
00:00:00.000027 IP 172.21.2.73.80 > 10.1.1.91.7860: Flags [S.], seq 753018921, ack 2688497195, win 28960, options [mss 1460,sackO
K,TS val 2976168148 ecr 2157609545,nop,wscale 9], length 0
00:00:00.000138 IP 10.1.1.91.7860 > 172.21.2.73.80: Flags [.], ack 1, win 58, options [nop,nop,TS val 2157609545 ecr 2976168148],
length 0
00:00:00.000027 IP 10.1.1.91.7860 > 172.21.2.73.80: Flags [F.], seq 1, ack 1, win 58, options [nop,nop,TS val 2157609545 ecr 2976
168148], length 0
00:00:00.000046 IP 172.21.2.73.80 > 10.1.1.91.7860: Flags [F.], seq 1, ack 2, win 57, options [nop,nop,TS val 2976168148 ecr 2157
609545], length 0
00:00:00.000091 IP 10.1.1.91.7860 > 172.21.2.73.80: Flags [.], ack 2, win 58, options [nop,nop,TS val 2157609545 ecr 2976168148],
length 0tcpdump可以选择条件host
# tcpdump -i eth0 -nnnn -ttt host 10.1.1.91容器查看是否丢包
此处没有丢包,所以没有
# netstat -s | grep -E 'overflow|drop'退出容器
exit原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读