1.列出待抓包的pod 及分布在哪些节点上
kubectl get pods -n default -o wide |grep nginx
nginx-deploy-0 1/1 Running 0 4d15h 192.168.1.8 node01 <none> <none>
nginx-deploy-c566795bd-bt26b 1/1 Running 0 3d15h 192.168.1.13 node01 <none> <none>
2.找到pod中容器的eth0网卡对应的veth pair在宿主机上的网卡编号
kubectl exec -it -n default nginx-deploy-c566795bd-bt26b -- cat /sys/class/net/eth0/iflink
17
3.根据前两步的结果,找到宿主机上的veth pair对应的宿主机网卡名称
nginx-deploy 这个pod对应的宿主机的ip是在第一步获得的
宿主机上的网卡编号是在第二步获得的
登录到对应的宿主机上,执行下面的命令
ip link |grep 17
17: vetheacd4e3c@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
4.在宿主机上利用tcpdump抓包
tcpdump -i vetheacd4e3c -S -vvne
dropped privs to tcpdump
tcpdump: listening on vetheacd4e3c, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:05:54.881055 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 13839, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.0.42118 > 192.168.1.13.http: Flags [S], cksum 0x99ba (correct), seq 1210242654, win 64860, options [mss 1410,sackOK,TS val 1010052913 ecr 0,nop,wscale 7], length 0
11:05:54.881093 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.13.http > 192.168.0.0.42118: Flags [S.], cksum 0x828c (incorrect -> 0x1efa), seq 85102878, ack 1210242655, win 64308, options [mss 1410,sackOK,TS val 1358665131 ecr 1010052913,nop,wscale 7], length 0
11:05:54.881295 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 13840, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.0.42118 > 192.168.1.13.http: Flags [.], cksum 0x46cd (correct), seq 1210242655, ack 85102879, win 507, options [nop,nop,TS val 1010052914 ecr 1358665131], length 0
11:05:54.881334 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 63, id 13841, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.0.42118 > 192.168.1.13.http: Flags [P.], cksum 0xff42 (correct), seq 1210242655:1210242731, ack 85102879, win 507, options [nop,nop,TS val 1010052914 ecr 1358665131], length76: HTTP, length: 76
GET / HTTP/1.1
Host: 192.168.1.13
User-Agent: curl/7.76.1
Accept: */*
11:05:54.881339 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 59555, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.13.http > 192.168.0.0.42118: Flags [.], cksum 0x8284 (incorrect -> 0x4686), seq 85102879, ack 1210242731, win 502, options [nop,nop,TS val 1358665131 ecr 1010052914], length0
11:05:54.882321 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 59556, offset 0, flags [DF], proto TCP (6), length 69)
192.168.1.13.http > 192.168.0.0.42118: Flags [P.], cksum 0x8295 (incorrect -> 0x86a7), seq 85102879:85102896, ack 1210242731, win 502, options [nop,nop,TS val 1358665132 ecr 1010052914], length 17: HTTP, length: 17
HTTP/1.0 200 OK
11:05:54.882449 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 13842, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.0.42118 > 192.168.1.13.http: Flags [.], cksum 0x466e (correct), seq 1210242731, ack 85102896, win 507, options [nop,nop,TS val 1010052915 ecr 1358665132], length 0
11:05:54.882572 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 203: (tos 0x0, ttl 64, id 59557, offset 0, flags [DF], proto TCP (6), length 189)
192.168.1.13.http > 192.168.0.0.42118: Flags [P.], cksum 0x830d (incorrect -> 0xdbba), seq 85102896:85103033, ack 1210242731, win 502, options [nop,nop,TS val 1358665133 ecr 1010052915], length 137: HTTP
11:05:54.882684 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 183: (tos 0x0, ttl 64, id 59558, offset 0, flags [DF], proto TCP (6), length 169)
192.168.1.13.http > 192.168.0.0.42118: Flags [FP.], cksum 0x82f9 (incorrect -> 0x3b8d), seq 85103033:85103150, ack 1210242731, win 502, options [nop,nop,TS val 1358665133 ecr 1010052915], length 117: HTTP
11:05:54.882715 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 13843, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.0.42118 > 192.168.1.13.http: Flags [.], cksum 0x45e5 (correct), seq 1210242731, ack 85103033, win 506, options [nop,nop,TS val 1010052915 ecr 1358665133], length 0
11:05:54.882842 82:3a:d7:ce:23:8d > 16:53:c6:c4:26:af, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 13844, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.0.42118 > 192.168.1.13.http: Flags [F.], cksum 0x456e (correct), seq 1210242731, ack 85103151, win 506, options [nop,nop,TS val 1010052915 ecr 1358665133], length 0
11:05:54.882851 16:53:c6:c4:26:af > 82:3a:d7:ce:23:8d, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 59559, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.13.http > 192.168.0.0.42118: Flags [.], cksum 0x8284 (incorrect -> 0x4572), seq 85103151, ack 1210242732, win 502, options [nop,nop,TS val 1358665133 ecr 1010052915], length0
1.创建pod:kubectl apply -f nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: default
spec:
containers:
- name: nginx
imagePullPolicy: IfNotPresent
image: nginx:1.21.1
2.查看pause容器:下面有2个容器,分别是pod的容器(nginx)和pause容器
[root@master ~]# docker ps | grep nginx
9f608b435f27 822b7ec2aaf2 "/docker-entrypoint.…" 2 seconds ago Up 2 seconds k8s_nginx_nginx_default_415029ad-02b5-40d9-a2c9-9fd297b0f36d_0
515c53ba67e6 registry.aliyuncs.com/google_containers/pause:3.2 "/pause" 3 seconds ago Up 2 seconds k8s_POD_nginx_default_415029ad-02b5-40d9-a2c9-9fd297b0f36d_0
3.查看pause容器的网络命名空间
f6e92c6e5cde是上面pause容器id,如果不是pause容器,SandboxKey为空
[root@master ~]# docker inspect 515c53ba67e6 | grep SandboxKey
"SandboxKey": "/var/run/docker/netns/ca4747d33e89",
4.在pause容器使用localhost访问nginx
[root@master ~]# nsenter --net=/var/run/docker/netns/ca4747d33e89
[root@master ~]# curl localhost:80
<!DOCTYPE html>
<html>
...
</html>
网友评论