Capture packets - - Alibaba Cloud Documentation Center

Kubernetes Monitoring allows you to capture packets from container networks. This topic describes how to create a packet capture command and view the data of the packets that you capture.

Prerequisites

The Kubernetes Monitoring agent ack-arms-cmonitor is V1.1.4 or later. You can upgrade the Kubernetes Monitoring agent by performing the following steps: Log on to the Container Service for Kubernetes console. In the left-side navigation pane of the details page of a cluster, choose Operations > Components. On the Components page, upgrade the version of the Kubernetes Monitoring agent.

Background information

tcpdump is a commonly used network diagnostics and analysis tool. If a software application encounters network errors , you can use tcpdump to capture packets and troubleshoot errors. When you capture packets from a container network, you may need to handle the following issues:

You need to run the exec command to access your container. However, if a network error occurs, you may be unable to run the exec command because the container may not be in the running state.
The container does not support shell commands because it is shell-less.
tcpdump is not installed in the container.

Kubernetes Monitoring provides the tcpdump feature to dynamically send commands and access containers without logon. You do not need to install tcpdump in the container.

Create a packet capture command

Log on to the ARMS console. In the left-side navigation pane, click Kubernetes Monitoring.
On the Kubernetes Monitoring page, select a region from the top navigation bar and click the name of the cluster that you want to manage.
Go to the Packet Capture page.
Method 1:
In the left-side navigation pane, click Packet Capture.
Method 2:
1. In the left-side navigation pane, click Cluster Topology. In the Workload or Pod view, expand the namespace where the application whose packets you want to capture resides.
2. Move the pointer over a node and click Packet Capture.
  The Packet Capture panel appears.

Click Create Packet Capture Command, configure the parameters and click OK. The following table describes the parameters.


Parameter	Description
Namespace	The namespace where the application whose packets you want to capture resides.
Application Type	The type of the application.
Application Name	The name of the application.
Pod	The name of the pod.
Container	The name of the container.
NIC	The network interface controller.
src host	The source host. If you do not specify this parameter, packets are captured from all source hosts.
src port	The source port. If you do not specify this parameter, packets are captured from all source ports.
Packet Length	The maximum size of a single packet.
dst host	The destination host. If you do not specify this parameter, packets are captured from all destination hosts.
dst port	The destination port. If you do not specify this parameter, packets are captured from all destination ports.
Preview	The preview of the packet capture command.
Duration	The duration for packet capture. Unit: seconds.
Output Form	The output format of the packet data. Valid values: Streaming Output: You can only view the packet data immediately after the packet capture task is completed. PCAP File: You can download packet data at any time after you capture packets. Then, you can analyze the packet data by using tools such as Wireshark.

View packet data

All packet capture tasks are displayed on the Packet Capture page.

View streaming data

Find a packet capture task whose Type is Streaming and Status is Initialization, and click Run in the Actions column.
View streaming data.

Note You can view streaming data only once.

View a PCAP file

Find a packet capture task whose Type is PCAP File and click Download in the Actions column.
Use Wireshark to open the PCAP file and analyze the packet data.