A way to see mTLS handshake packets between Linkerd meshed pods #14749
-
|
Hello Everyone, I wanted to see linkerd mtls traffic and what ALPN extensions are seen in the client hello for example. I tried to enable debug level and sidecar but the TLS information is limited like just seeing mTLS true or that client hello on TLS1.2 is send etc. Is there a way to see the full mtls packets in tshark for example? I don't need them decrypted just to see the TLS layer. https://linkerd.io/2-edge/tasks/modifying-proxy-log-level/ |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
By the way using not the linkerd sidecar I managed to dump the mtls :) kubectl debug hello-world-app-test-xxx -n test -it --image nicolaka/netshoot tcpdump -i eth0 port 4143 -s 0 -w /var/tmp/mesh.pcap kubectl cp -n xx -c xx hello-world-app-test-xxxx/var/tmp/mesh.pcap ./mesh.pcap |
Beta Was this translation helpful? Give feedback.
By the way using not the linkerd sidecar I managed to dump the mtls :)
kubectl debug hello-world-app-test-xxx -n test -it --image nicolaka/netshoot
tcpdump -i eth0 port 4143 -s 0 -w /var/tmp/mesh.pcap
kubectl cp -n xx -c xx hello-world-app-test-xxxx/var/tmp/mesh.pcap ./mesh.pcap