Skip to main content
Version: latest

trace_sni

The trace_sni gadget tracks Server Name Indication (SNI) from TLS requests.

Getting started

Running the gadget:

$ kubectl gadget run ghcr.io/inspektor-gadget/gadget/trace_sni:latest [flags]

Guide

Run the gadget in a terminal:

$ kubectl gadget run trace_sni:latest
K8S.NODE K8S.NAMESPACE K8S.PODNAME K8S.CONTAINERNAME COMM PID TID UID GID NAME

Run a pod on a different terminal and perform some requests:

$ kubectl run -it ubuntu --image ubuntu:latest -- /bin/bash
root@ubuntu:/# apt update && apt install -y wget && wget wikimedia.org
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.wikimedia.org/ [following]
(...)
root@ubuntu:/# wget www.github.com
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/ [following]
(...)

Go back to the terminal where the gadget is running. The requests will be logged by the gadget:

K8S.NODE          K8S.NAMESPACE               K8S.PODNAME                 K8S.CONTAINERNAME           COMM                      PID            TID           UID           GID NAME
minikube-docker default ubuntu ubuntu wget 693742 693742 0 0 wikimedia.org
minikube-docker default ubuntu ubuntu wget 693742 693742 0 0 www.wikimedia.org

We can see that each time our wget client connected to a different server, our tracer caught the Server Name Indication requested.

Congratulations! You reached the end of this guide! You can now delete the pod you created:

$ kubectl delete pod ubuntu