Capturing Packets in a Kubernetes Environment with Containerd

[lcc3108]

Hello

I would like to check the traffic of the pod running through containerd through that tool.

#65

The above article was written based on docker, so I used it like the command below in accordance with containerd.

ecapture tls --libssl=/run/containerd/io.containerd.runtime.v2.task/k8s.io/${container_id}/rootfs/lib64/libssl.so.1.1

When executing curl in pod with this command, it is captured well, but the server's communication is not captured.

I saw what socket the server uses as lsof etc, but I'm using java, so I can't find any specific files.

Do you happen to have any instructions to find out what libssl is used in java, node, etc?

Thank you.

[cfc4n]

The program written in Java does not utilize the libssl library. Node is statically compiled and integrated into the executable file.

Therefore, it is impossible to intercept encrypted communications of the Java program. However, support for Node encryption can be provided; you need to set the Node file with the --libssl argument.

[lcc3108]

I'm gonna have to find another way for java

In the case of the node, as instructed, the node itself is designated as libssl, so it works well.

Thank you for your answer.