抓包通常使用tcpdump,但是容器中可能不存在此命令,不过可以在宿主机上通过tcpdump 抓包
演示下,容器镜像为bash:4.4
容器中执行此命令
bash-4.4# ip addr show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1000 link/ipip 0.0.0.0 brd 0.0.0.0 96: eth0@if97: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:13:00:0e brd ff:ff:ff:ff:ff:ff inet 172.19.0.14/16 brd 172.19.255.255 scope global eth0 valid_lft forever preferred_lft forever
获取到了96: eth0@if97
在宿主机上执行
[root@izbp152ke14timzud0du15z ~]# ip addr show|grep 9797: vethc84527c@if96: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-587cd9a3ecfb state UP group default
获取到了 97: vethc84527c@if96
在宿主机上执行
tcpdump -i vethc84527c -w /tmp/jb
然后在容器上模拟发送数据包
bash-4.4# ping www.baidu.comPING www.baidu.com (180.101.49.12): 56 data bytes 64 bytes from 180.101.49.12: seq=0ttl=49time=12.010 ms 64 bytes from 180.101.49.12: seq=1ttl=49time=11.967 ms ^C --- www.baidu.com ping statistics ---2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max =11.967/11.988/12.010 ms bash-4.4# ping test.datakit.comPING test.datakit.com (46.105.51.17): 56 data bytes 64 bytes from 46.105.51.17: seq=0ttl=41time=262.981 ms 64 bytes from 46.105.51.17: seq=1ttl=41time=253.264 ms 64 bytes from 46.105.51.17: seq=2ttl=41time=253.460 ms ^C --- test.datakit.com ping statistics ---3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max =253.264/256.568/262.981 ms
然后按ctrl+c停止tcpdump执行,把数据保存的文件,使用wireshark打开分析
