Elastic Container Instance allows you to enable the tcpdump feature in a few clicks to capture and parse network packets. This helps you monitor and analyze network traffic. This topic describes how to enable tcpdump to capture network packets and analyze and locate problems when network exceptions occur in containers.
Background information
When a network exception occurs in a container, you may need to capture network packets to analyze and locate the problem. However, the system may encounter the following problems when the system tries to capture network packets:
The system may not be able to use exec to enter the container because the container may not be in the running state when network exceptions occur.
tcpdump may not be pre-installed in the rootfs of the container. The system cannot use tcpdump to capture packets.
Elastic Container Instance allows you to easily enable tcpdump to resolve the preceding problems. The following figure shows the logic of tcpdump:
Limits
Tcpdump cannot be used in the following regions: China (Ulanqab), China (Heyuan), China (Guangzhou), China (Nanjing - Local Region), Philippines (Manila), Korea (Seoul), and Thailand (Bangkok).
Procedure
You can use tcpdump in the Elastic Container Instance console or by calling an API operation.
Use the Elastic Container Instance console
Log on to the Elastic Container Instance console.
Enable tcpdump for an instance.
In the left-side navigation pane, click Container Group. On the Container Group page, click the ID of the instance for which you want to enable tcpdump to go to the instance details page.
On the O&M tab, click the Tcpdump tab.
Click Enable.
In the Enable Tcpdump dialog box, configure parameters based on your requirements and then click OK.
The following table describes the parameters.
Parameter | Description |
Source | You can specify the source IP address or CIDR block of the packet capture. You can also specify the source port of the packet capture. |
Destination | You can specify the destination IP address or CIDR block of the packet capture. You can also specify the destination port of the packet capture. |
ENI | The Elastic Network Interface (ENI) on which you want to capture packets. |
Packet | Size: the packet length to be captured. Default value: 65535. Unit: bytes. Quantity: the number of packets to be captured. Duration: the duration of the packet capture. Unit: seconds.
|
Network Protocol | The network protocol that you use to capture packets. TCP, UDP, and ICMPv4 are supported. |
After you enable tcpdump, the system starts to capture packets and generates an O&M task that is in the Running state.
Debug the elastic container instance as needed, and then disable tcpdump.
After you disable tcpdump, the system stops capturing packets, generates a packet file, and stores the packet file in an Object Storage Service (OSS) bucket. The following table describes how to disable tcpdump:
Disable mode | Description |
Manually | On the Tcpdump tab of the instance, click Disable. |
Automatically | If you configured parameters such as Size, Quantity, and Duration to specify the size and duration of packet capture when you enabled tcpdump, the system automatically disables tcpdump when one of the conditions is met. |
Click Download in the Result column corresponding to the O&M task to download the packet file to your on-premises computer.
Note If the system does not respond, check the website permission settings of your browser. For more information, see FAQ.
Call an API operation
Call the CreateInstanceOpsTask API operation to enable tcpdump for the elastic container instance.
You must configure the following parameters to enable tcpdump:
ContainerGroupId: the ID of the elastic container instance for which you want to enable tcpdump.
OpsType: Set this parameter to tcpdump.
OpsValue: Set this parameter to {"Enable":true}.
Note OpsValue is a collection of parameters for a tcpdump O&M task. The values of OpsValue are JSON-formatted strings. You can configure parameters, such as Source, Destination, ENI, and Packet, based on your business requirements. For more information about OpsValue, see CreateInstanceOpsTask.
Debug the elastic container instance as needed, and then disable tcpdump.
After you disable tcpdump, the system stops capturing packets, generates a packet file, and stores the packet file in an OSS bucket. The following table describes how to disable tcpdump:
Disable mode | Description |
Manually | If you want to call the CreateInstanceOpsTask API operation to disable tcpdump, you must configure the following parameters: ContainerGroupId: the ID of the elastic container instance for which you want to disable tcpdump. OpsType: Set this parameter to tcpdump. OpsValue: Set this parameter to {"Enable":false}.
|
Automatically | If you configured parameters such as Snaplen, Duration, PacketNum, and FileSize in OpsValue to specify the size and duration of packet capture when you enabled tcpdump, the system automatically disables tcpdump when one of the conditions is met. |
Download the packet file.
Call the DescribeInstanceOpsRecords API operation to obtain the URL that points to the packet file from the ResultContent response parameter.
The packet file is stored in an OSS bucket. Example URL: http://eci-ops-files-cn-beijing.oss-cn-beijing.aliyuncs.com/pcaps/1609****/eci-2ze6n7kqdici********-eth0-****.pcap?Expires=****&OSSAccessKeyId=****&Signature=****&security-token=****.
Click the URL to download the packet file to your on-premises computer.
FAQ
The system does not respond after I enable tcpdump in the Elastic Container Instance console and I click Download in the Result column of the O&M task. What do I do?
If the system does not respond, check the website permission settings of your browser. For example, if you use Google Chrome, you can use the following method to allow the download:
In the Elastic Container Instance console, click the 
icon in the address bar of your browser, and then select Site settings. 
Change the settings of the configuration item Insecure content to Allow. 