Skip to main content
Version: latest

trace_tcp

The trace_tcp gadget tracks tcp connect, accept and close.

Getting started

Running the gadget:

$ kubectl gadget run ghcr.io/inspektor-gadget/gadget/trace_tcp:latest [flags]

Flags

--pid

Show only events generated by processes with this pid

Default value: ""

--uid

Show only events generated by processes with this uid

Default value: ""

Guide

First, we need to create one pod:

$ kubectl run bb --image busybox:latest sleep inf
pod/bb created

You can now use the gadget, but output will be empty:

$ kubectl gadget run trace_tcp:latest
K8S.NODE K8S.NAMESPACE K8S.PODNAME K8S.CONTAINERNAME SRC DST COMM PID TID UID GID TYPE

Indeed, it is waiting for TCP connection to be established in the default namespace (you can use -A to monitor all namespaces and then be sure to not miss any event). So, in another terminal, exec a container and run this wget:

$ kubectl exec -ti bb -- wget https://www.kinvolk.io
Connecting to www.kinvolk.io (188.114.96.3:443)
wget: note: TLS certificate validation not implemented
saving to 'index.html'
index.html 100% |************************************************************************************************| 47748 0:00:00 ETA
'index.html' saved

Go back to the terminal where the gadget is running. The requests will be logged by the gadget:

K8S.NODE          K8S.NAMESPACE         K8S.PODNAME           K8S.CONTAINERNAME     SRC                          DST                          COMM                PID         TID         UID        GID TYPE
minikube-docker default bb bb 10.244.0.31:60552 172.67.196.142:443 wget 750625 750625 0 0 connect

The printed lines correspond to TCP connection established with the socket.

Congratulations! You reached the end of this guide! You can now delete the pod you created:

$ kubectl delete pod bb