使用 tcpdump 工具抓包容器内网络数据包

1. 获取容器使用网卡
   

   1	# PID=$(docker inspect --format {{.State.Pid}} <CONTAINER_NAME>)

2. 找到当前容器 PID 使用的网卡
   

   1 2 3 4 5 6 7 8 9

   # nsenter -n -t $PID ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 192: eth0@if193: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:c0:a8:a0:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 192.168.160.3/20 brd 192.168.175.255 scope global eth0 valid_lft forever preferred_lft forever

3. 根据上面 eth0@if193 中 @if193 为关键信息，找到宿主机上 @if193 对应的网卡
   

   1 2	# ip addr | grep 193 193: veth169636c@if192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a37be7a191f9 state UP group default

4. 根据 193: 对应的 veth169636c 就是我们当前容器对应的网卡，我们抓包的时候就使用该网卡即可
   

   1	# tcpdump -i veth169636c -w /tmp/<CONTAINER_NAME>.cap