Network Capture on OpenShift 4 with tcpdump and ksniff

Why this story


Why Both

Where to start ?

Building the image

# mkdir ~/admin-tools
# cd ~/admin-tools
# cat > << EOF
tail -f /dev/null
# chmod a+x
# cat > Dockerfile << EOF
MAINTAINER Oren Oichman "Back to ROOT!!!!"
USER root
RUN yum install epel-release -y && yum install -y jq ftp openssl p7zip curl wget tftp buildah telnet podman httpd-tools tcpdump nmap tmux bind-utils sg3_utils nmap-ncat rlwrap openldap-clients && yum clean all
WORKDIR /opt/app-root/
ENTRYPOINT ["/opt/app-root/"]
# buildah bud -f Dockerfile -t admin-tools
# HOST=$(oc get route default-route -n openshift-image-registry --template='{{ }}')
# podman tag localhost/admin-tools ${HOST}/default/admin-tools
# cd /etc/pki/ca-trust/source/anchors/
# oc -n openshift-authentication  rsh `oc get pods -n openshift-authentication -o name | head -1 `  cat /run/secrets/ > ingress-ca.crt
# update-ca-trust extact
# podman login -u $(oc whoami) -p (oc whoami -t) $HOST
# podman push ${HOST}/default/admin-tools

Running the image

# oc get nodes -o wide
# oc get nodes -o wide | grep <node> | awk '{print $6}'
# oc debug node/<node> --image=${HOST}/default/admin-tools
# ip addr show | grep -B2 <IP Address>
# tcpdump -i <interface> 'tcpdump filgters'

oc with ksniff

# wget
# unzip
# make install

Exmaple :

# oc sniff <pod name> -f "port 80"

Redirect to Wireshark

# oc sniff <pod name> -f "port 80" -o - | wireshark -r -

Non-Privileged and Scratch Pods



Open Source contributer for the past 15 years

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store