Capture TCP packets from a pod on an AKS cluster
This article discusses how to take a TCP traffic capture at a pod of an Azure Kubernetes Service (AKS) cluster, and download the capture to your local computer.
You must run the Azure CLI version 2.0.59 or a later version.
Run az --version
to verify the version. To install the latest version of the Azure CLI, see Install Azure CLI.
Identify the name of the pod that you want to capture the TCP packets from. This should be the pod that has the connectivity issues. To do this, run
kubectl get pods -A
to see the list of pods on your AKS cluster. The following is an example of the output:NAME READY STATUS RESTARTS AGE azure-vote-back-2549686872-4d2r5 1/1 Running 0 31m azure-vote-front-848767080-tf34m 1/1 Running 0 31m
If you know the namespace that the pod runs in, you also can run
kubectl get pods -n <namespace>
to get a list of pods that are running in that namespace.Connect to the pod that you identified in the previous step. The following commands use "azure-vote-front-848767080-tf34m" as the pod name. Replace them with the correct pod name. If the pod is not in the default namespace, you must add the
--namespace
parameter to thekubectl exec
command.kubectl exec azure-vote-front-848767080-tf34m -it -- /bin/bash
After you connect to the pod, run
tcpdump --version
to determine whether the TCPdump is installed. If you receive a "command not found" message, run the following command to install the TCPdump in the pod:apt-get update && apt-get install tcpdump
If your pod uses Alpine Linux, run the following command to install TCPdump:
apk add tcpdump
Run
tcpdump -s 0 -vvv -w /capture.cap
to start capturing TCP packets on your pod.After the packet capture is finished, exit your pod shell session.
Run the following command to save the packets to the current directory:
kubectl cp azure-vote-front-848767080-tf34m:/capture.cap capture.cap
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.