Comments (6)
Side note this tool is awesome.
from ksniff.
Hi @RevREB thanks for using ksniff, glad you liked it!
I didn't check the minimum required permissions, I guess that the privileged mode requires higher permissions as it's creating new pod with access to the hosting node.
The upload mode will probably require less permissions because it's only execute tcpdump on existing pod.
In case you will have more detailed answer, it will be super helpful if you will update the project README with this information.
Eldad.
from ksniff.
I'm still gonna dig into it later... but does this basically just exec into the pod and and run tcpdump and pipe the stdout back across the wire?
from ksniff.
Yeah, what you described is the "exec mode"
Privileged mode is different:
-
Deploy new pod with access to docker daemon unix socket file
-
From the new privileged pod, create new docker container on the same node which attaches to the target pod network namespace.
-
exec tcpdump on our new container, pipe stdout over the wire
from ksniff.
ok, ill play with RBAC this weekend and find the Lowest required perms.
from ksniff.
Closing for now, @RevREB if you did found the minimum required permissions, please open a pull request with your findings - thanks!
from ksniff.
Related Issues (20)
- netns return empty string so nothing is ever captured HOT 10
- can't execute 'ctr': No such file or directory HOT 3
- can't run in privileged mode
- Openshift 4.10 Mac M1 nsenter: can't execute 'tcpdump': No such file or directory
- sniff on RKE2 fails to create the ksniff pod HOT 2
- Vulnerable 3rd party libs
- Release new version HOT 1
- Add istio inject false label/annotation
- Add ARM linux based static-tcpdump HOT 1
- ksniff failing to create a privileged pod on the node with taints
- Issues running on arm64 HOT 1
- Can ksniff be used for one-time packet captures (~10 min) in production environment for debugging purposes? Apart from clean up of left over pods or containers, what else should I look into after using it for a short pcap?
- cloud storage support for sniff output
- Not able to build static-tcpdump on Ubuntu 22.04 Jammy
- Can we take tcpdump on multiple pods using ksniff ? For an example if a namespace has 4 PODs running can we take TCPDUMP on all the 4 PODs using kubectl sniff -p <pod1> <pod2> <pod3>
- 'kubectl sniff' command returning 139 exit/error code during execution. RCA required for failed attempt at packet capture so that workaround can be identified. HOT 6
- exitCode: '126' when using --tcpdump-image for an airgapped scenario HOT 1
- kubectl sniff fails with certificate error.
- Incorrect Makefile install path for kubectl >= 1.28
- K8S API client 30s timeout: request canceled (Client.Timeout exceeded while awaiting headers)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ksniff.