All Products
Search
Document Center

Elastic Container Instance:Analyze network issues with tcpdump

Last Updated:Jun 21, 2026

Elastic Container Instance (ECI) offers a one-click tcpdump feature for capturing and analyzing network packets to monitor network traffic. This topic shows you how to use tcpdump to capture packets and troubleshoot container network issues.

Background

When a container has a network issue, you may need to capture packets to diagnose the problem. However, you might encounter the following challenges:

  • Packet capture typically requires entering the container with an exec command. If a network issue occurs, the container may not be in a running state, which prevents you from using exec.

  • Packet capture requires the tcpdump tool, which might not be installed in the container's rootfs.

To address these issues, ECI provides a one-click tcpdump feature. It works as follows:

tcpdump

Limitations

The tcpdump feature is not supported in the following regions: China (Ulanqab), China (Heyuan), China (Guangzhou), China (Nanjing - Local Region - Decommissioning), Philippines (Manila), South Korea (Seoul), Thailand (Bangkok), and Malaysia (Kuala Lumpur).

Procedure

You can use the tcpdump feature from the Elastic Container Instance console or by calling an OpenAPI operation.

Console

  1. Log on to the Elastic Container Instance console.

  2. Enable tcpdump for the ECI instance.

    1. Click the target instance ID to open the instance details page.

    2. Click the O&M tab, and then click the Tcpdump tab.

    3. Click Enable.

    4. Configure the parameters and click OK.

      The following table describes the parameters.

      Parameter

      Description

      Source

      The source IP address or CIDR block and the port from which to capture packets.

      Destination

      The destination IP address or CIDR block and the port to which packets are sent.

      ENI

      The elastic network interface (ENI) on which to capture packets.

      Packet

      • Length: The maximum length of each captured packet, in bytes. Default: 65535.

      • Quantity: The total number of packets to capture.

      • Duration: The capture duration in seconds.

      Network protocol

      Select a network protocol. TCP, UDP, and ICMPv4 are supported.

      After you enable tcpdump, the system starts the packet capture and creates a corresponding O&M task. The task status is Running.

  3. Reproduce the issue on the target ECI instance, and then disable tcpdump.

    After tcpdump is disabled, the system stops the packet capture, generates a PCAP file, and stores the file in Object Storage Service (OSS). You can disable tcpdump in one of the following ways:

    Method

    Description

    Manual

    On the Tcpdump tab of the target instance, click Disable.

    Automatic

    If you set a packet size, count, or duration limit when enabling tcpdump, the system automatically disables it when any limit is reached.

  4. In the O&M task's Result column, click Download to download the PCAP file to your computer.

    Note

    If the download does not start, check your browser's site settings. For more information, see FAQ.

OpenAPI

  1. Call the CreateInstanceOpsTask operation to enable tcpdump for an ECI instance.

    When you enable tcpdump, set the following parameters:

    • ContainerGroupId: Specify the ID of the target ECI instance.

    • OpsType: Set to tcpdump.

    • OpsValue: Set to {"Enable":true}.

      Note

      OpsValue is a JSON string that contains parameters for tcpdump O&M tasks. You can configure parameters such as the source address, destination address, ENI, and packet-related settings. For details on configuring OpsValue, see CreateInstanceOpsTask.

  2. Reproduce the issue on the target ECI instance, and then disable tcpdump.

    After tcpdump is disabled, the system stops the packet capture, generates a PCAP file, and stores the file in OSS. You can disable tcpdump in one of the following ways:

    Method

    Description

    Manual

    Call the CreateInstanceOpsTask operation to disable tcpdump. Set the following parameters:

    • ContainerGroupId: Specify the ID of the target ECI instance.

    • OpsType: Set to tcpdump.

    • OpsValue: Set to {"Enable":false}.

    Automatic

    If you set limits such as Snaplen, Duration, PacketNum, or FileSize in OpsValue when enabling tcpdump, the system automatically disables it when any limit is reached.

  3. Download the PCAP file.

    1. Call the DescribeInstanceOpsRecords operation to obtain the URL of the PCAP file from the ResultContent parameter in the response.

      The PCAP file is saved in OSS. The following is an example URL: http://eci-ops-files-cn-beijing.oss-cn-beijing.aliyuncs.com/pcaps/1609****/eci-2ze6n7kqdici********-eth0-****.pcap?Expires=****&OSSAccessKeyId=****&Signature=****&security-token=****.

    2. Open the URL to download the PCAP file.

FAQ

The download does not start when I click Download in the console. What should I do?

If the download does not start, check your browser's site settings. For example, you can follow these steps to grant the necessary permission in Google Chrome:

  1. Open the Elastic Container Instance console. Click the 浏览器图标 icon to the left of the address bar and select Site settings.

  2. Set Insecure content to Allow.