tshark does not filter packets inside docker container

asked 2020-03-19 11:34:25 +0000

Abhi
1 ●1 ●3 ●1

We have a situation where tshark command runs fine and filters a pcap file. But the same command fails to run within the docker container running in kubernetes.

Here is the command in question.

tshark -n -r input.pcap -w output.pcap -Y "diameter.Bearer-Identifier == 05"

Details CentOS Linux release 7.5.1804 (Core) tcpdump version 4.9.2 libpcap version 1.5.3 OpenSSL 1.0.2k-fips 26 Jan 2017 TShark 1.10.14 (Git Rev Unknown from unknown)

Please respond if any one has faced similar situation.

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2020-03-20 12:17:59 +0000

Abhi
1 ●1 ●3 ●1

Found the root cause of this problem. Inside the container the diameter agent was running on a non default port. Hence it wasn't filtering the files. The version of tshark wasn't an issue.

tshark -d tcp.port==<your-port>,diameter -n -r input.pcap -w output.pcap -Y "diameter.Bearer-Identifier == 05"