Docker Container Network Packet Capture: A Worked Case

Capturing a container process's traffic with tcpdump on the host

Get the container PID
# Get the container ID
docker ps | grep xxx

# Get the PID of the container's main process as seen from the host
docker inspect --format "{{.State.Pid}}" container_id/name
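
Use nsenter to switch to the container's network namespace
# -t takes the PID obtained in the previous step, not the container ID or name
nsenter -n -t PID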
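
Capture packets with tcpdump
# Capture all traffic in the namespace, full packets (-s0), written to a pcap file
tcpdump -vvv -s0 -w tcpdump-contract.pcap
# Capture only traffic to or from a single host
tcpdump -vvv -s0 host 10.10.4.63 -w tcpdump-edge2.pcap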

Complete session record:
[root@iz2zeh8rkwrmvh0e3t9x29z ~]# docker ps |grep contract
55b1fdb7a079 registry-vpc.cn-beijing.aliyuncs.com/vcg/vcg-boss-contract "/bin/sh -c 'java ..." 4 days ago Up 4 days k8s_vcg-boss-contract_vcg-boss-contract-55cd566f74-m2m72_default_7bf56757-b9b6-11e9-afe7-00163e0e2421_0
f372c163217f registry-vpc.cn-beijing.aliyuncs.com/acs/pause-amd64:3.0 "/pause" 4 days ago Up 4 days k8s_POD_vcg-boss-contract-55cd566f74-m2m72_default_7bf56757-b9b6-11e9-afe7-00163e0e2421_0
[root@iz2zeh8rkwrmvh0e3t9x29z ~]# docker inspect --format "{{.State.Pid}}" 55b1fdb7a079
9421
[root@iz2zeh8rkwrmvh0e3t9x29z ~]# nsenter -n -t 9421
[root@iz2zeh8rkwrmvh0e3t9x29z ~]# tcpdump -vvv -s0 host 10.10.4.138 -w tcpdump-contract.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
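
The three steps above combined into a single command, as an added example that is not part of the original post: it refuses a container that is not running (docker inspect prints PID 0 for one), warns when the container shares the host's network namespace, and runs tcpdump through nsenter directly so the calling shell never changes namespace. The function names and the DRY_RUN variable are this example's own; it assumes a root shell on the Docker host.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Resolve a container ID/name to the host PID of its main process.
# docker inspect prints 0 for a container that is not running, so reject that.
container_pid() {
    cpid=$(docker inspect --format '{{.State.Pid}}' "$1" 2>/dev/null) || return 1
    case "$cpid" in
        ''|0|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$cpid"
}

# Print the network-namespace identity of a PID, e.g. net:[4026532621].
netns_of() { readlink "/proc/$1/ns/net" 2>/dev/null; }

# usage: capture_container <container> <outfile> [tcpdump filter...]
# With DRY_RUN set, the command is printed instead of executed.
capture_container() {
    target=$1
    outfile=$2
    shift 2
    pid=$(container_pid "$target") || {
        echo "error: container '$target' not found or not running" >&2
        return 1
    }
    # A container started with host networking shares the host namespace;
    # a capture there records every host connection, not only the container's.
    ns=$(netns_of "$pid") || ns=unknown
    if [ "$ns" = "$(netns_of self)" ]; then
        echo "warning: '$target' shares the host network namespace" >&2
    fi
    # nsenter -n switches only the network namespace, so the pcap file is
    # written to the host filesystem, relative to the current directory.
    ${DRY_RUN:+echo} nsenter -n -t "$pid" -- tcpdump -vvv -s0 -w "$outfile" "$@"
}

# Run directly: ./capture.sh 55b1fdb7a079 tcpdump-contract.pcap host 10.10.4.138
if [ "$#" -ge 2 ]; then
    capture_container "$@"
fi
```

In the Kubernetes session above, the application container and its pause container belong to the same pod and share one network namespace, so either container's PID reaches the same interfaces.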