Elastic Container Instance lets you enable the tcpdump feature with a few clicks to capture and parse network packets. This helps you monitor and analyze network traffic. This topic describes how to enable the tcpdump feature to capture network packets and identify and analyze issues when network exceptions occur in containers.
Background information
When a network exception occurs in a container, you may need to capture network packets to identify and analyze the issue. However, the system may encounter the following issues when the system tries to capture network packets:
The system may not be able to use the exec command to enter the container because the container may not be in the running state when network exceptions occur.
The tcpdump tool may not be pre-installed in the root file system (rootfs) of the container. The system cannot use the tcpdump feature to capture packets.
Elastic Container Instance lets you easily enable the tcpdump feature to resolve the preceding issues. The following figure shows the logic of the tcpdump feature.
Limits
The tcpdump feature is not supported in the following regions: China (Ulanqab), China (Heyuan), China (Guangzhou), China (Nanjing - Local Region - Decommissioning), Philippines (Manila), South Korea (Seoul), Thailand (Bangkok), and Malaysia (Kuala Lumpur).
Procedure
You can use the tcpdump feature in the Elastic Container Instance console or by calling an API operation.
Console
Log on to the Elastic Container Instance console.
Enable tcpdump for an elastic container instance.
Click the target instance ID to view the Instance Details page.
On the O&M tab, click the Tcpdump tab.
Click Enable.
In the Enable Tcpdump dialog box, configure parameters based on your requirements and then click OK.
The following table describes the parameters.
Parameter | Description |
Source | You can specify a source IP address or CIDR block for the packet capture. You can also specify a source port for the packet capture. |
Destination | You can specify a destination IP address or CIDR block for the packet capture. You can also specify a destination port for the packet capture. |
ENI | The Elastic Network Interface (ENI) on which you want to capture packets. |
Packet | Size: the packet length to be captured. Default value: 65535. Unit: bytes. Quantity: the number of packets to be captured. Duration: the duration of the packet capture. Unit: seconds.
|
Network Protocol | The network protocol that you use to capture packets. TCP, UDP, and ICMPv4 are supported. |
After you enable the tcpdump feature, the system starts to capture packets and generates an O&M task that is in the Running status.
Debug the elastic container instance as needed and then disable tcpdump.
After you disable the tcpdump feature, the system stops capturing packets, generates a packet file, and stores the packet file in an Object Storage Service (OSS) bucket. The following table describes how to disable the tcpdump feature.
Shutdown procedure | Description |
Manually | On the Tcpdump tab of the instance, click Disable. |
Automatic shutdown | If you specified parameters, such as Size, Quantity, and Duration, to specify the size and duration of the packet capture when you enabled the tcpdump feature, the system automatically disables the feature when one of the conditions is met. |
Click Download in the Result column corresponding to the O&M task to download the packet file to your on-premises computer.
Note If the system does not respond, check the website permission settings of your browser. For more information, see the FAQ section of this topic.
OpenAPI
Call the CreateInstanceOpsTask operation to enable the tcpdump feature for the elastic container instance.
You must specify the following parameters to enable the tcpdump feature:
ContainerGroupId: the ID of the elastic container instance for which you want to enable the tcpdump feature.
OpsType: Set this parameter to tcpdump.
OpsValue: Set this parameter to {"Enable":true}.
Note OpsValue is a collection of parameters for a tcpdump O&M task. The values of OpsValue are JSON-formatted strings. You can specify parameters, such as Source, Destination, ENI, and Packet, as needed. For more information about OpsValue, see CreateInstanceOpsTask.
Debug the elastic container instance as needed and then disable the tcpdump feature.
After you disable the tcpdump feature, the system stops capturing packets, generates a packet file, and stores the packet file in an OSS bucket. The following table describes how to disable the tcpdump feature.
Shutdown procedure | Description |
Manually | If you want to call the CreateInstanceOpsTask operation to disable the tcpdump feature, you must specify the following parameters: ContainerGroupId: The ID of the target ECI instance. OpsType: Set this parameter to tcpdump. OpsValue: Set this parameter to {"Enable":false}.
|
Automatic shutdown | If you specified parameters, such as Snaplen, Duration, PacketNum, and FileSize, in OpsValue to specify the size and duration of the packet capture when you enabled the tcpdump feature, the system automatically disables the feature when one of the conditions is met. |
Download the packet file.
Call the DescribeInstanceOpsRecords operation to obtain the URL that points to the packet file from the ResultContent response parameter.
The packet file is stored in OSS. The following is an example URL: http://eci-ops-files-cn-beijing.oss-cn-beijing.aliyuncs.com/pcaps/1609****/eci-2ze6n7kqdici********-eth0-****.pcap?Expires=****&OSSAccessKeyId=****&Signature=****&security-token=****.
Click the URL to download the packet file to your on-premises computer.
FAQ
What do I do when the system does not respond after I enable tcpdump in the Elastic Container Instance console and click Download in the Result column of the O&M task?
If the download does not start, check your browser's site permission settings. For example, you can enable permissions in Chrome as follows:
In the Elastic Container Instance console, click the 
icon in the address bar of your browser and then select Site settings. 
Change the settings of the configuration item Insecure content to Allow. 