How to run telnet/tcpdump in OpenShift v4 CoreOS node

Starting with OpenShift 4, Red Hat Enterprise Linux CoreOS (RHCOS) is the recommended and supported operating system for all OpenShift Container Platform machines. RHCOS combines the quality standards of Red Hat Enterprise Linux (RHEL) with the automated, remote upgrade features of Container Linux.

RHCOS does not come with a package manager such as yum or dnf. The operating system provides transactional upgrades using the rpm-ostree system, which delivers updates through container images and is part of the OpenShift Container Platform update process.

Because there is no OS package manager, direct download and installation of RPM packages is not supported. The only way to run tools that are not pre-packaged with the OS is through containers. The good thing is that CoreOS comes with a package called toolbox, which starts a container and lets you bring in your favorite debugging or management tools.

Run toolbox container in OpenShift 4 RHCOS machine

You can start the toolbox container with the provided toolbox script. But first you have to access the OpenShift node on which you want to run the management tools in a container.

You can use the oc debug command or SSH.

--- Access node with SSH ---
$ ssh [email protected]

--- Access node with oc debug command ---
$ oc debug node/

Example of access using oc debug:

$ oc debug node/
Starting pod/node01ocpcomputingforgeekscom-debug ...
To use host binaries, run `chroot /host`

The prompt comes from a special tools container that mounts the node's root file system at the /host folder and lets you inspect files from that node.

As the command output shows, you need to start a chroot shell in the /host folder. This enables you to use host binaries in the shell.

chroot /host

You will see the following output:

chroot /host
Pod IP:
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host

To start the toolbox container, use the following command.

$ /usr/bin/toolbox

The first time you run the script, it will download the toolbox container image to your node.

Trying to pull
Getting image source signatures
Copying blob ec1681b6a383 done  
Copying blob c4d668e229cd done  
Copying blob 6b1688d3542f done  
Copying config 50b63c2aff done  
Writing manifest to image destination
Storing signatures

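Then it spins up the container with Podman. As the command in the output shows, the container runs privileged, shares the host's IPC, network and PID namespaces, and has the node's root file system mounted at /host.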

Spawning a container 'toolbox-core' with image ''
Detected RUN label in the container image. Using that as the default...
command: podman run -it --name toolbox-core --privileged --ipc=host --net=host --pid=host -e HOST=/host -e NAME=toolbox-core -e -v /run:/run -v /var/log:/var/log -v /etc/machine-id:/etc/machine-id -v /etc/localtime:/etc/localtime -v /:/host

Run telnet/tcpdump in OpenShift v4 CoreOS server

After entering the container shell, you can use the yum package manager to install the required debugging and management tools.

--- Install network tools ---
# yum -y install iproute net-tools

--- Install telnet ---
# yum -y install telnet

--- Install tcpdump ---
# yum -y install tcpdump

--- Install any other tool ---
# yum -y install 

Use telnet:

# telnet  

Use tcpdump:

Identify the interface name (this requires the network tools installed above).

# ip link show | head 
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3:  mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:4a:16:01:73 brd ff:ff:ff:ff:ff:ff
7: ovs-system:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 4e:66:b9:32:0d:26 brd ff:ff:ff:ff:ff:ff
8: br0:  mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 72:d6:df:e8:13:48 brd ff:ff:ff:ff:ff:ff
9: vxlan_sys_4789:  mtu 65000 qdisc noqueue master ovs-system state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 4a:c4:7f:c1:85:f7 brd ff:ff:ff:ff:ff:ff

Use tcpdump.

# tcpdump 

This example captures packets for port 443 on any interface. The output is saved to a path in the node's file system, which is available under the /host directory.

# tcpdump -i any -s 0 -vv -w /host/tmp/testpacketname.pcap port 443

You can replace any with an interface name, for example:

-i ens3

To end the capture, press Control-C.

Run tcpdump capture from the container

Open the debug shell or SSH to the node where the target Pod is running:

$ oc debug node/

--- OR ---
$ ssh [email protected]

Use the crictl ps command to find the container ID of the target Pod:

# crictl ps

My container ID is 51a17d9a4b376. Let's save it as a variable.

container_id=51a17d9a4b376

Get the container PID:

container_pid=$(crictl inspect --output yaml "$container_id" | grep 'pid:' | awk '{print $2}')

Confirm the value:

# echo $container_pid
# ps 1124033
1124033 ?        Ss     0:00 /bin/sleep 3650d

You can use the following command to start tcpdump in the container’s network namespace.

# nsenter -n -t $container_pid -- tcpdump 

--- Example ---
# nsenter -n -t $container_pid -- tcpdump -i any -s 0 -vv -w /host/tmp/testpacketname.pcap port 443

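Please note that tcpdump must be installed in the toolbox container before you run the command: nsenter -n switches only the network namespace, so the tcpdump binary is taken from the shell you run it in.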
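The steps above can be wrapped in a small helper that refuses to guess the PID and keeps the capture bounded. This is an added example, not part of the original article: the function names inspect_pid and capture_in_netns, the 60-second limit and the sample inspect text are constructed for illustration, and timeout is assumed to be available in the shell you use.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample inspect text are constructed for illustration.

# Constructed sample of `crictl inspect --output yaml` text (trimmed).
SAMPLE_INSPECT='info:
  pid: 1124033
  sandboxID: constructed-sandbox-id
status:
  state: CONTAINER_RUNNING'

# Read inspect YAML on stdin and print the container PID.
# Unlike a bare grep, fail unless exactly one distinct numeric "pid:"
# value is present, so nsenter is never handed an empty or multi-line value.
inspect_pid() {
    awk '$1 == "pid:" && $2 ~ /^[0-9]+$/ {
             if (!($2 in seen)) { seen[$2]; n++; pid = $2 }
         }
         END { if (n != 1) exit 1; print pid }'
}

# capture_in_netns PID OUTFILE SECONDS [tcpdump filter...]
# Time-boxed capture inside the network namespace of PID. The pcap is
# created with owner-only permissions because it holds raw traffic.
capture_in_netns() {
    pid=$1 out=$2 secs=$3
    shift 3
    case $pid in
        ''|*[!0-9]*) echo "bad PID: $pid" >&2; return 2 ;;
    esac
    [ -d "/proc/$pid" ] || { echo "PID $pid is not running" >&2; return 2; }
    (
        umask 077
        timeout "$secs" nsenter -n -t "$pid" -- \
            tcpdump -i any -s 0 -w "$out" "$@"
    ) || [ "$?" -eq 124 ]   # 124 = timeout ended the capture as planned
}

# Demonstration on the constructed sample; prints 1124033.
printf '%s\n' "$SAMPLE_INSPECT" | inspect_pid

# On a node (not run here):
#   pid=$(crictl inspect --output yaml "$container_id" | inspect_pid) &&
#       capture_in_netns "$pid" /host/tmp/testpacketname.pcap 60 port 443
```

Remove the pcap from /host/tmp once it has been copied off the node, since it contains the captured traffic in full.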
