On 10/16/2015 9:40 AM, Mark Betz wrote:
> I am not having much luck getting output from tcpdump inside the
> container. I don't have much experience with the tool so any tips will
> be appreciated. I'm starting the command in the container start-up
> script right before haproxy is launched...
>
> sudo nohup tcpdump -i any -U -nn -XX -e -v -S -s 0 -w
> /var/log/icitizen/tcpdump.out &

Most of those options are not useful when capturing actual packet data to a file; they are only useful when dumping packet information to stdout. They might be confusing tcpdump.

Try a much less complicated command. You might want to pick a specific interface rather than "any" ... captures on the "any" interface are not done promiscuously, and in many cases you do want a promiscuous capture:

tcpdump -i eth0 -s0 -w output.cap

If the idea is to capture both traffic going in and out of haproxy, and this happens on separate interfaces, you might want to do separate captures for each interface.

I'm not a tcpdump expert, so I won't be able to answer expert-level questions about it, but I have used it a lot.

Thanks,
Shawn

