This article discusses how to capture network traffic from a pod in an Azure Kubernetes Service (AKS) cluster and view the capture on your local computer.
Prerequisite
This article uses Ksniff, a Kubernetes-integrated packet sniffer developed by Eldad Rudich.
The following software must be installed:
- Install git on your local computer
- Install and setup kubectl
- Install krew on your local computer
- Install Ksniff on your local computer
- Install the latest version of Wireshark
Capture packets and view them in Wireshark
Once you have installed ksniff and have a pod running, it’s time to capture some network traffic. Running kubectl sniff $POD_NAME begins a packet capture:
# command to get the pod name
kubectl get pod -n <namespace>
# command to run ksniff (pass the same namespace if the pod is not in the default one)
kubectl sniff <POD_Name> -n <namespace>
Running the above command opens Wireshark and starts displaying the captured packets.

Packet captures can become very messy, especially for pods that run complex or highly utilized workloads. tcpdump filters are a key part of making complex packet captures easier, and ksniff supports them right out of the box:
kubectl sniff nginx -f "tcp port 80"
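The filter passed with -f can be assembled and validated before it reaches ksniff. The script below is an added example, not part of the original article or the ksniff project: the function names, namespace, pod and file names are hypothetical, and it uses ksniff's -n (namespace) and -o (output file) options to write the capture to a pcap file instead of streaming it to Wireshark.

```shell
#!/bin/sh
# Added example: build a tcpdump capture filter from a port list and an
# optional list of hosts to exclude, then pass it to `kubectl sniff -f`.
# Function names and sample values are hypothetical.

# build_filter PORTS [EXCLUDE_HOSTS]
#   PORTS          comma-separated ports to keep, e.g. "80,443"
#   EXCLUDE_HOSTS  comma-separated IP addresses to drop, e.g. a node
#                  address whose health probes clutter the capture
build_filter() (
  ports=$1 excludes=${2:-} expr=
  set -f    # no glob expansion while splitting the lists
  IFS=,     # split the lists on commas
  for item in $ports; do
    # Accept 1-5 digit numbers only, so no other filter syntax slips in.
    case $item in
      ''|*[!0-9]*|??????*) echo "bad port: $item" >&2; exit 1 ;;
    esac
    [ "$item" -ge 1 ] && [ "$item" -le 65535 ] ||
      { echo "bad port: $item" >&2; exit 1; }
    expr="${expr:+$expr or }port $item"
  done
  [ -n "$expr" ] || { echo "no ports given" >&2; exit 1; }
  expr="($expr)"
  for item in $excludes; do
    # Only characters that can appear in an IPv4 or IPv6 literal.
    case $item in
      ''|*[!0-9a-fA-F.:]*) echo "bad host: $item" >&2; exit 1 ;;
    esac
    expr="$expr and not host $item"
  done
  printf '%s\n' "$expr"
)

# capture_to_file NAMESPACE POD OUTFILE PORTS [EXCLUDE_HOSTS]
# Runs ksniff with the generated filter and saves the packets to OUTFILE.
capture_to_file() {
  filter=$(build_filter "$4" "${5:-}") || return 1
  kubectl sniff "$2" -n "$1" -f "$filter" -o "$3"
}

# Example call (constructed values):
#   capture_to_file web nginx nginx-http.pcap 80,443 10.240.0.4
```

The saved pcap file can be opened in Wireshark later; it holds whatever unencrypted traffic matched the filter, so store it with the same care as the workload's own data.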