
在容器外通过tcpdump对容器内的网络抓包方法

在容器外通过tcpdump对容器内的网络抓包方法
步骤
  1. 查找 container id(这里用 crictl;docker 的做法类似)

    [root@master1 ~]# crictl ps |grep haproxy
    5bb56c0921182       2e29f1a5b65d9       18 hours ago        Running             haproxy                       0                   b173c3f984643       haproxy-deployment-587cf97455-7xx7b
    
  2. 根据 container id 查找容器进程的 pid(docker 可以用 docker inspect --format {{.State.Pid}} containerID)

    [root@master1 ~]# crictl inspect 5bb56c0921182 | python -c 'import sys, json; data = json.load(sys.stdin); print(data["info"]["pid"])'
    2469984
    
  3. 找到容器使用的网卡

    [root@master1 ~]# nsenter -n -t 2469984  ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    32104: eth0@if32105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 16:b2:ba:06:4d:a4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.1.111/32 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::14b2:baff:fe06:4da4/64 scope link
           valid_lft forever preferred_lft forever
    
  4. 上面 eth0@if32105 中的 if32105 是关键信息:@if 后面的数字是对端网卡在 host 上的接口序号。然后在 host 机器上找到序号为 32105 的网卡:

    [root@master1 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:50:56:b8:be:b9 brd ff:ff:ff:ff:ff:ff
        inet 10.148.151.130/23 brd 10.148.151.255 scope global noprefixroute ens32
           valid_lft forever preferred_lft forever
        inet6 fe80::db71:3b9e:9958:a419/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: cilium_net@cilium_host: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 66:ce:b7:1a:d7:3f brd ff:ff:ff:ff:ff:ff
        inet6 fe80::64ce:b7ff:fe1a:d73f/64 scope link
           valid_lft forever preferred_lft forever
    ...
    83: lxc9dc62fde4d9f@if82: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ce:1c:5b:15:f0:65 brd ff:ff:ff:ff:ff:ff link-netns cni-5b3219cf-14b2-d39b-c104-8698dd1effb7
        inet6 fe80::cc1c:5bff:fe15:f065/64 scope link
           valid_lft forever preferred_lft forever
    32105: lxcd6f187d66d97@if32104: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 4a:8c:5d:74:dc:34 brd ff:ff:ff:ff:ff:ff link-netns cni-1f7b1b65-5fbb-5945-9b91-e10f623df249
        inet6 fe80::488c:5dff:fe74:dc34/64 scope link
           valid_lft forever preferred_lft forever
    18027: lxc7930a002d196@if18026: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 1e:98:95:d9:89:94 brd ff:ff:ff:ff:ff:ff link-netns cni-1a78e78c-5e35-f51b-fda3-ac09b3ca0e9f
        inet6 fe80::1c98:95ff:fed9:8994/64 scope link
           valid_lft forever preferred_lft forever
    ...
    
  5. 这个 lxcd6f187d66d97 就是与容器内 eth0@if32105 对应的 host 侧网卡,抓包时用 -i 指定它即可。注意:使用 -w 时 tcpdump 把原始报文写入文件,-A 只影响屏幕打印,不影响文件内容;capture.pcap 保存的是完整报文载荷,可能包含敏感数据,应限制该文件的访问权限。现在可以抓包了:

     tcpdump -i lxcd6f187d66d97 -A -w capture.pcap
    
命令

用命令表示以上过程:

[root@master2 ~]# nsenter -n -t $(crictl inspect $(crictl ps | grep haproxy | sed -n "2p"| awk '{print $1}') | python -c 'import sys, json; data = json.load(sys.stdin); print(data["info"]["pid"])'
)  ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
42: eth0@if43: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:54:49:a0:1b:0b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.2.84/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5454:49ff:fea0:1b0b/64 scope link
       valid_lft forever preferred_lft forever
# 容器内是 eth0@if43,所以在 host 上查找序号为 43 的网卡,得到 lxc006abd15e53b
[root@master2 ~]# ip addr | sed -n '/^43: /,/^[0-9]*: /p'
43: lxc006abd15e53b@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:4b:a8:9b:ff:57 brd ff:ff:ff:ff:ff:ff link-netns cni-a79cf5f9-801f-2d7f-bb14-6be41c134817
    inet6 fe80::584b:a8ff:fe9b:ff57/64 scope link
       valid_lft forever preferred_lft forever
47: lxc1186459d5c30@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

遗留问题
  1. HAProxy 通过 resolvers 做 DNS 解析时,如果 server 配置的域名是短域名,则 kube-dns 无法解析?

    # 如果 server 地址配置成短域名 dbsrv1.platform,则无法解析(下面是可以正常解析的完整域名写法)
    listen opengauss
        bind *:6000
        option httpchk
        http-check expect status 200
        default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
        server dbsrv1 dbsrv1.platform.svc.cluster.local:5432 maxconn 100 check port 8008 resolvers kube-dns
        server dbsrv2 dbsrv2.platform.svc.cluster.local:5432 maxconn 100 check port 8008 resolvers kube-dns
        server dbsrv3 dbsrv3.platform.svc.cluster.local:5432 maxconn 100 check port 8008 resolvers kube-dns
        
    # 报文如下:查询的名字就是 dbsrv2.platform 本身(没有附加搜索域后缀),DNS 返回 No such name
    13	0.020614	38879	192.168.2.42	DNS	86	Standard query 0xe5d5 A dbsrv2.platform OPT
    14	0.020641	49559	192.168.2.42	DNS	86	Standard query 0xe5d5 A dbsrv2.platform OPT
    15	0.020737	53	192.168.2.243	DNS	161	Standard query response 0xe5d5 No such name A dbsrv2.platform SOA a.root-servers.net OPT
    16	0.020783	53	192.168.2.243	DNS	161	Standard query response 0xe5d5 No such name A dbsrv2.platform SOA a.root-servers.net OPT
    