How to perform packet captures?

This document (000020049) is provided subject to the disclaimer at the end of this document.



It's often necessary to perform packet captures to debug an issue either in production or non-production setup. This article provides the steps to do the same.


  • Be able to pull the image leodotcloud/swiss-army-knife either directly or via HTTP/HTTPS proxy or using a registry mirror or via artifactory.

High-level overview

Here is a quick overview of the process involved: Identify the container or pod where packet capture is needed. SSH to the node where this particular container or pod is running. Figure out the id of the container or the pause container for the pod. Run the debug container attaching to the network namespace of the container identified in the previous step. Exec inside the debug container. Verify the network namespace by checking the IP address of the network interface. Perform the packet capture!

docker run -itd \
  --name debug_container \
  --net=container:$CONTAINER_ID \
docker exec -it debug_container bash
tcpdump -i eth0 -w /tmp/debug_capture.pcap

Further reading

The container image leodotcloud/swiss-army-knife is packaged with many tools needed in various debugging scenarios. Source code for this container image can be found here. Docker hub page can be found here. If you find any problems with this image, please file an issue on Github. You are also more than welcome to contribute to this repo by opening a PR (Pull Request)!


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020049
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center