
eldadru / Ksniff

Licence: apache-2.0
Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark

Programming Languages

go
31211 projects - #10 most used programming language

Projects that are alternatives of or similar to Ksniff

Daggy
Daggy - Data Aggregation Utility. Open source, free, cross-platform, server-less, useful utility for remote or local data aggregation and streaming
Stars: ✭ 91 (-93.2%)
Mutual labels:  wireshark, sniffing
pyrfidhid
Python library to control Chinese USB HID 125Khz RFID Reader/Writer
Stars: ✭ 104 (-92.23%)
Mutual labels:  wireshark, sniffing
Kubectl Cssh
A kubectl plugin to ssh into Kubernetes nodes within separate tmux panes
Stars: ✭ 76 (-94.32%)
Mutual labels:  kubectl
Injectallthethings
Seven different DLL injection techniques in one single project.
Stars: ✭ 1,297 (-3.14%)
Mutual labels:  debugging
Kuttle
Kubernetes wrapper for sshuttle
Stars: ✭ 86 (-93.58%)
Mutual labels:  kubectl
Kubeplay
kubeplay – a new way to interact with Kubernetes API from your terminal
Stars: ✭ 83 (-93.8%)
Mutual labels:  kubectl
React Native Logs
Performance-aware simple logger for React-Native with namespaces, custom levels and custom transports (colored console, file writing, etc.)
Stars: ✭ 84 (-93.73%)
Mutual labels:  debugging
Lldb
A collection of LLDB aliases/regexes and Python scripts to aid in your debugging sessions
Stars: ✭ 1,187 (-11.35%)
Mutual labels:  debugging
Konfig
konfig helps to merge, split or import kubeconfig files
Stars: ✭ 92 (-93.13%)
Mutual labels:  kubectl
Google It Automation With Python
Repository to keep track of Google IT Automation with Python provided by Coursera
Stars: ✭ 86 (-93.58%)
Mutual labels:  debugging
Pyshark
Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
Stars: ✭ 1,286 (-3.96%)
Mutual labels:  wireshark
Debugging
Talk about general debugging strategies. How to be less confused and frustrated.
Stars: ✭ 86 (-93.58%)
Mutual labels:  debugging
Kubectl Build
Build dockerfiles directly in your Kubernetes cluster.
Stars: ✭ 84 (-93.73%)
Mutual labels:  kubectl
Perf Hoc
(Deprecated) Visualize and detect unnecessary rendering and performance issues in React.
Stars: ✭ 87 (-93.5%)
Mutual labels:  debugging
Terraform Eks
Terraform for AWS EKS
Stars: ✭ 82 (-93.88%)
Mutual labels:  kubectl
Python Aspectlib
An aspect-oriented programming, monkey-patch and decorators library. It is useful when changing behavior in existing code is desired. It includes tools for debugging and testing: simple mock/record and a complete capture/replay framework.
Stars: ✭ 90 (-93.28%)
Mutual labels:  debugging
Kubectl Trace
Schedule bpftrace programs on your kubernetes cluster using the kubectl
Stars: ✭ 1,194 (-10.83%)
Mutual labels:  kubectl
Clitools
🔧 CliTools for Docker, PHP / MySQL development, debugging and synchronization
Stars: ✭ 86 (-93.58%)
Mutual labels:  debugging
Kubedoom
Kill Kubernetes pods by playing Id's DOOM!
Stars: ✭ 1,330 (-0.67%)
Mutual labels:  kubectl
Vlog
An in-display logging library for Android 📲
Stars: ✭ 86 (-93.58%)
Mutual labels:  debugging

ksniff


A kubectl plugin that utilizes tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster.

You get the full power of Wireshark with minimal impact on your running pods.

Intro

When working with micro-services, it is often very helpful to get a capture of the network activity between your micro-service and its dependencies.

ksniff uses kubectl to upload a statically compiled tcpdump binary to your pod and redirects its output to your local Wireshark for a smooth network debugging experience.

Demo

(demo animation)

Production Readiness

Ksniff isn't production ready yet; running ksniff against production workloads isn't recommended at this point.

Installation

Installation via krew (https://github.com/GoogleContainerTools/krew)

kubectl krew install sniff

For manual installation, download the latest release package, unzip it and use the attached makefile:

unzip ksniff.zip
make install

Build

Requirements:

  1. libpcap-dev: for tcpdump compilation (Ubuntu: sudo apt-get install libpcap-dev)
  2. go 1.11 or newer

Compiling:

linux:      make linux
windows:    make windows
mac:        make darwin

To compile a static tcpdump binary:

make static-tcpdump

Usage

kubectl < 1.12:
kubectl plugin sniff <POD_NAME> [-n <NAMESPACE_NAME>] [-c <CONTAINER_NAME>] [-i <INTERFACE_NAME>] [-f <CAPTURE_FILTER>] [-o OUTPUT_FILE] [-l LOCAL_TCPDUMP_FILE] [-r REMOTE_TCPDUMP_FILE]

kubectl >= 1.12:
kubectl sniff <POD_NAME> [-n <NAMESPACE_NAME>] [-c <CONTAINER_NAME>] [-i <INTERFACE_NAME>] [-f <CAPTURE_FILTER>] [-o OUTPUT_FILE] [-l LOCAL_TCPDUMP_FILE] [-r REMOTE_TCPDUMP_FILE]

POD_NAME: Required. The name of the Kubernetes pod whose traffic to capture.
NAMESPACE_NAME: Optional. The namespace of the target pod.
CONTAINER_NAME: Optional. If omitted, the first container in the pod will be chosen.
INTERFACE_NAME: Optional. Pod interface to capture from. If omitted, all pod interfaces will be captured.
CAPTURE_FILTER: Optional. A tcpdump capture filter. If omitted, no filter will be used.
OUTPUT_FILE: Optional. If specified, ksniff will redirect tcpdump output to a local file instead of Wireshark. Use '-' for stdout.
LOCAL_TCPDUMP_FILE: Optional. If specified, ksniff will use this path as the local path of the static tcpdump binary.
REMOTE_TCPDUMP_FILE: Optional. If specified, ksniff will use this path as the remote path to upload the static tcpdump binary to.

Non-Privileged and Scratch Pods

To reduce attack surface and keep containers small and lean, many production-ready containers run as a non-privileged user or even as a scratch container, so tcpdump cannot simply be uploaded and executed inside them.

To support those containers as well, ksniff now ships with the "-p" (privileged) mode. When executed with the -p flag, ksniff will create a new pod on the remote Kubernetes cluster that has access to the node's Docker daemon.

ksniff will then use that pod to run a container attached to the target container's network namespace and perform the actual network capture there.

Piping output to stdout

By default ksniff will attempt to start a local instance of the Wireshark GUI. You can integrate with other tools by using the -o - flag to pipe the pcap data to stdout.

Example using tshark:

kubectl sniff pod-name -f "port 80" -o - | tshark -r -

Contribution

More than welcome! Please don't hesitate to open bugs, questions, or pull requests.

Future Work

  1. Instead of uploading a static tcpdump binary, use the upcoming "kubectl debug" feature (https://github.com/kubernetes/community/pull/649), which should be a much cleaner solution.

Known Issues

Wireshark and TShark cannot read pcap

Issues 100 and 98

Wireshark may show UNKNOWN in Protocol column. TShark may report the following in output:

tshark: The standard input contains record data that TShark doesn't support.
(pcap: network type 276 unknown or unsupported)

This issue happens when an old version of Wireshark or TShark is used to read the pcap created by ksniff. Upgrade Wireshark or TShark to resolve it. Ubuntu LTS releases may have this problem with the stock package versions; installing from the Wireshark PPA will help.
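The following pcap reader exercises both the "-o -" pipeline from the "Piping output to stdout" section and the link-type failure described above. It is an added example written for this page, not ksniff's own code. It reads a pcap stream such as kubectl sniff <pod> -o - writes to stdout, parses the global header, reports the link-layer type (276 is LINKTYPE_LINUX_SLL2, the cooked-capture format recent libpcap emits for the "any" pseudo-interface, which is what older Wireshark and TShark builds reject as "network type 276"), and tallies IPv4 TCP/UDP flows. Link-type numbers come from the libpcap link-type registry; the script name pcap_summary.py, the addresses and the packets produced by build_sample_pcap are constructed for the example.

```python
# Added example (not part of ksniff): summarise a pcap stream from `kubectl sniff <pod> -o -`.
import collections
import io
import struct
import sys

# Link-layer header types from the libpcap registry (tcpdump.org/linktypes).
LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113
LINKTYPE_LINUX_SLL2 = 276   # the "network type 276" older Wireshark/TShark cannot read
MAGIC_USEC, MAGIC_NSEC = 0xA1B2C3D4, 0xA1B23C4D


def parse_global_header(hdr: bytes):
    """Return (struct endianness prefix, linktype) from the 24-byte pcap file header."""
    if len(hdr) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", hdr[:4])[0] in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap stream (bad magic)")
    _maj, _min, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "HHiIII", hdr[4:24])
    return endian, linktype


def iter_records(stream, endian):
    """Yield raw packet bytes per 16-byte record header; stop cleanly on a truncated tail."""
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        pkt = stream.read(incl_len)
        if len(pkt) < incl_len:
            return                       # capture interrupted mid-record
        yield pkt


def strip_link_header(linktype: int, pkt: bytes):
    """Return (ethertype, layer-3 payload), or None for an unhandled or short frame."""
    if linktype == LINKTYPE_ETHERNET and len(pkt) >= 14:
        return struct.unpack("!H", pkt[12:14])[0], pkt[14:]
    if linktype == LINKTYPE_LINUX_SLL and len(pkt) >= 16:    # cooked v1: protocol at offset 14
        return struct.unpack("!H", pkt[14:16])[0], pkt[16:]
    if linktype == LINKTYPE_LINUX_SLL2 and len(pkt) >= 20:   # cooked v2: protocol at offset 0
        return struct.unpack("!H", pkt[0:2])[0], pkt[20:]
    return None


def parse_ipv4_flow(l3: bytes):
    """Return (proto, src, dst, sport, dport) for an IPv4 datagram carrying TCP/UDP, else None."""
    if len(l3) < 20 or l3[0] >> 4 != 4:
        return None
    ihl, proto = (l3[0] & 0x0F) * 4, l3[9]
    src, dst = ".".join(map(str, l3[12:16])), ".".join(map(str, l3[16:20]))
    l4 = l3[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        return ("tcp" if proto == 6 else "udp"), src, dst, sport, dport
    return None


def summarize_bytes(data: bytes):
    """Parse a whole pcap stream and return link type, packet count and per-flow counts."""
    stream = io.BytesIO(data)
    endian, linktype = parse_global_header(stream.read(24))
    flows, packets = collections.Counter(), 0
    for pkt in iter_records(stream, endian):
        packets += 1
        stripped = strip_link_header(linktype, pkt)
        if stripped and stripped[0] == 0x0800:              # IPv4 only
            flow = parse_ipv4_flow(stripped[1])
            if flow:
                flows[flow] += 1
    return {"linktype": linktype, "needs_new_wireshark": linktype == LINKTYPE_LINUX_SLL2,
            "packets": packets, "flows": flows}


def build_sample_pcap(linktype: int = LINKTYPE_LINUX_SLL2) -> bytes:
    """Constructed sample: three TCP/IPv4 packets (addresses made up), framed for `linktype`."""
    def ipv4_tcp(src, dst, sport, dport):
        ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(src) + bytes(dst)
        return ip + struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)

    def frame(l3):
        if linktype == LINKTYPE_ETHERNET:
            return b"\x02\x42\xac\x11\x00\x09\x02\x42\xac\x11\x00\x05\x08\x00" + l3
        return struct.pack("!HHIHBB8s", 0x0800, 0, 2, 1, 0, 6, b"\x02\x42\xac\x11\x00\x05\0\0") + l3

    pkts = [ipv4_tcp((10, 0, 0, 5), (10, 0, 0, 9), 43210, 80),
            ipv4_tcp((10, 0, 0, 5), (10, 0, 0, 9), 43210, 80),
            ipv4_tcp((10, 0, 0, 9), (10, 0, 0, 5), 80, 43210)]
    out = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, linktype)
    for i, l3 in enumerate(pkts):
        f = frame(l3)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    # Usage (pcap_summary.py is an assumed file name):
    #   kubectl sniff pod-name -f "port 80" -o - | python3 pcap_summary.py
    # Without piped input the constructed sample capture is summarised instead.
    data = sys.stdin.buffer.read() if not sys.stdin.isatty() else build_sample_pcap()
    result = summarize_bytes(data)
    print(f"linktype={result['linktype']} packets={result['packets']}")
    if result["needs_new_wireshark"]:
        print("link type 276 (LINUX_SLL2): older Wireshark/TShark will show UNKNOWN or reject this capture")
    for flow, n in result["flows"].most_common(10):
        print(f"{n:5d}  {flow[0]} {flow[1]}:{flow[3]} -> {flow[2]}:{flow[4]}")
```

Running it against the constructed sample reports linktype=276 with the compatibility warning and two flows (10.0.0.5:43210 -> 10.0.0.9:80 twice, the reverse direction once); a trailing partial record, as left by an interrupted capture, is dropped rather than raising.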
