{"id":14523737,"url":"https://github.com/larryTheSlap/dumpy","last_synced_at":"2025-09-01T07:32:46.259Z","repository":{"id":217784465,"uuid":"744792412","full_name":"larryTheSlap/dumpy","owner":"larryTheSlap","description":"kubectl plugin that performs tpcdump network captures on resources inside kubernetes cluster","archived":false,"fork":false,"pushed_at":"2025-01-07T20:54:36.000Z","size":207,"stargazers_count":64,"open_issues_count":1,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-07T21:38:54.985Z","etag":null,"topics":["kubectl","kubernetes","kubernetes-plugin","tcpdump","wireshark"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/larryTheSlap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-18T02:27:36.000Z","updated_at":"2024-12-16T16:19:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"78d23279-2ac8-40af-be7b-df1cb434a9a5","html_url":"https://github.com/larryTheSlap/dumpy","commit_stats":null,"previous_names":["larrytheslap/dumpy"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/larryTheSlap/dumpy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larryTheSlap%2Fdumpy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larryTheSlap%2Fdumpy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larryTheSlap%2Fdumpy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larryThe
Slap%2Fdumpy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/larryTheSlap","download_url":"https://codeload.github.com/larryTheSlap/dumpy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larryTheSlap%2Fdumpy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273088763,"owners_count":25043559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-01T02:00:09.058Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubectl","kubernetes","kubernetes-plugin","tcpdump","wireshark"],"created_at":"2024-09-04T11:01:26.192Z","updated_at":"2025-09-01T07:32:46.241Z","avatar_url":"https://github.com/larryTheSlap.png","language":"Go","funding_links":[],"categories":["kubectl Plugins","kubernetes"],"sub_categories":["Installing plugins via awesome-kubectl-plugins"],"readme":"![Dumpy Logo](dumpy.png )\n\n# Dumpy - Kubernetes Network Traffic Capture Plugin\n\nDumpy is an advanced kubectl plugin designed for Kubernetes administrators, providing seamless network traffic capture using tcpdump from various resources. It excels in isolating captures to specific pod containers or nodes, ensuring security and accurate analysis. 
Dumpy dynamically creates dedicated sniffers that run tcpdump for each target.\n\n\n- [Features](#features)\n- [Quick Start](#quick-start)\n  - [Installation](#installation)\n  - [Capture Network Traffic](#capture-network-traffic)\n  - [Capture Details](#get-capture-details)\n  - [Export Captures](#export-captures)\n  - [More Dumpy Operations](#more-dumpy-operations)\n- [Contribution](#contribution)\n- [License](#license)\n\n## Features\n\n- **Dynamic Sniffer Creation:** Optimizes resource utilization by creating a dedicated sniffer for each target, guaranteeing accurate and unobtrusive analysis.\n\n- **Flexible Filtering:** Apply custom TCPDump filters for fine-grained control over captured data.\n\n- **Persistent Volume Claim (PVC) Support:** Dumpy supports PVCs to store network captures, crucial for production environments. This feature ensures worker nodes' storage disks are not impacted during captures.\n\n- **Process Namespace Isolation:** Ensures security by leveraging PID namespaces, running `tcpdump` exclusively within the targeted container's PID namespace.\n\n- **Deployment Flexibility:** Deploy Dumpy sniffers in a separate namespace, offering adaptability to various security policies and restrictions in production environments. This ensures compatibility without compromising the effectiveness of network traffic capture.\n\n- **Export Capabilities:** Export captured data in PCAP format for further analysis.\n\n- **Concurrent Captures**: Ability to run multiple dumpy captures concurrently.  \n\n## Quick Start\n\n### Installation\nThere are two ways to install Dumpy: \n\n**1. Using Krew:**\n```bash\nkubectl krew install dumpy\n```\n**2. 
Manual installation:**\n\nDownload the right [release](https://github.com/larryTheSlap/dumpy/releases) for your OS, unzip it, then move the `kubectl-dumpy` binary where kubectl is located.\n- Linux install:\n```bash\ncurl -L -O https://github.com/larryTheSlap/dumpy/releases/download/v0.2.1/dumpy_Linux_x86_64.tar.gz\ntar xf dumpy_Linux_x86_64.tar.gz \nchmod +x kubectl-dumpy \u0026\u0026 sudo mv kubectl-dumpy /usr/bin/kubectl-dumpy\n```\n### Capture Network Traffic\n\nDeploy sniffers to capture traffic from target pods :\n```bash\nkubectl dumpy capture \u003cpod|deployment|replicaset|daemonset|statefulset|node\u003e \u003cresourceName\u003e \\\n  -n \u003ccaptureNamespace\u003e      \\ # Namespace where dumpy sniffers will be deployed           (default: current namespace) \n  -t \u003ctargetNamespace\u003e       \\ # Target resource namespace                                 (default: captureNamespace)\n  -f \u003ctcpdumpFilters\u003e        \\ # Tcpdump filters for capture                               (default: \"-i any\")\n  -c \u003ccontainerName\u003e         \\ # Specific target container for multi-container pods        (default: Main container)\n  -v \u003cpvcName\u003e               \\ # PVC name that sniffers mount to store tcpdump captures, RWX PVC for multi-pod\n  -i \u003cdumpyImage\u003e            \\ # Dumpy docker image for private clusters                   (default: larrytheslap/dumpy:latest) \n  -s \u003cimagePullSecret\u003e       \\ # Image pull secret name for private clusters to pull dumpy image\n  --name \u003ccaptureName\u003e       \\ # Set specific capture name, if not set dumpy generates it  (default: dumpy-\u003cID\u003e) \n\n```\nExample: \n```bash\n# Deployment nginx-deploy in foo-ns with 3 replicas\n$ kubectl get pod -n foo-ns\nNAME                            READY   STATUS    RESTARTS   AGE\nnginx-deploy-846d6f46b7-6v8jz   1/1     Running   0          11s\nnginx-deploy-846d6f46b7-hz5s2   1/1     Running   0          
11s\nnginx-deploy-846d6f46b7-lss7q   1/1     Running   0          11s\n\n# capture http traffic from nginx-deploy\n$ kubectl dumpy capture deploy nginx-deploy -n foo-ns -f \"-i any port 80\"\nGetting target resource info..\nDumpy init\n\nCapture name: dumpy-49366665\n\n  PodName: nginx-deploy-846d6f46b7-lss7q\n  ContainerName: nginx\n  ContainerID: 9f98acdf651372b1a16c7cfbb346716915d355943e70347d730ba46017c85384\n  NodeName: kind-worker3\n\n\n  PodName: nginx-deploy-846d6f46b7-hz5s2\n  ContainerName: nginx\n  ContainerID: 02c473d2ffae82a9cd7754733eef7a5deb71a09903118eb2820d81a1311d0869\n  NodeName: kind-worker\n\n\n  PodName: nginx-deploy-846d6f46b7-6v8jz\n  ContainerName: nginx\n  ContainerID: bd023032b481cd257e633aeda9c440afb13b205adf3445a5efad2bfc4fdd7e43\n  NodeName: kind-worker2\n\nsniffer-dumpy-49366665-1122 started sniffing\nsniffer-dumpy-49366665-2382 started sniffing\nsniffer-dumpy-49366665-7759 started sniffing\nAll dumpy sniffers are Ready.\n```\nFlag usage :\n```bash\n# capture all traffic from foo pod in current namespace\n  kubectl dumpy capture pod foo\n# capture all traffic from foo pod in foo-ns with specific capture name\n  kubectl dumpy capture pod foo -t foo-ns --name \u003ccaptureName\u003e\n# capture traffic from foo pod using tcpdump filters\n  kubectl dumpy capture pod foo -f \"-i any host 10.0.0.1 and port 80\"\n# capture traffic from foo pod specific container foo-cont\n  kubectl dumpy capture pod foo -c foo-cont\n# capture traffic from deployment foo-deploy in foo-ns namespace with sniffers in bar-ns\n  kubectl dumpy capture deploy foo-deploy -t foo-ns -n bar-ns\n# set dumpy image from private repository using docker pullSecret\n  kubectl dumpy capture deploy foo-deploy -i \u003crepository\u003e/\u003cpath\u003e/dumpy:latest -s \u003csecretName\u003e\n# set pvc volume [RWX for multiple sniffers] to store tcpdump captures\n  kubectl dumpy capture daemonset foo-ds -v \u003cpvcName\u003e\n# capture traffic from node worker-node\n  kubectl 
dumpy capture node worker-node\n# capture traffic from all nodes\n  kubectl dumpy capture node all\n```\n\n### Capture Details\nWhen deploying multiple captures or to get details about them, use dumpy command `get` with no arguments to show minified details in table format about captures running in the specified namespace:\n```bash\n$ kubectl dumpy get -n foo-ns\nNAME            NAMESPACE  TARGET                   TARGETNAMESPACE  TCPDUMPFILTERS                      SNIFFERS\n----            ---------  ------                   ---------------  --------------                      --------\ndumpy-51994723  foo-ns     pod/p-test-2             foo-ns           -i any host 10.0.0.13 and port 443  1/1\ndumpy-80508655  foo-ns     deployment/bar-deploy    foo-ns           -i any port 443                     3/3\nmycap           foo-ns     pod/p-test-1             foo-ns           -i any                              1/1\ndumpy-49366665  foo-ns     deployment/nginx-deploy  foo-ns           -i any port 80                      3/3\ncap-node        foo-ns     node/worker-node                          -i any                              1/1\n```\nIt is also possible to get more details about a specific capture by adding the capture name :\n```bash\n$ kubectl dumpy get -n foo-ns dumpy-80508655\nGetting capture details..\n\nname: dumpy-80508655\nnamespace: foo-ns\ntcpdumpfilters: -i any port 443\nimage: larrytheslap/dumpy:latest\ntargetSpec:\n    name: bar-deploy\n    namespace: foo-ns\n    type: deployment\n    container: nginx\n    items:\n        bar-deploy-58974b698b-fv9kb  \u003c-----  sniffer-dumpy-80508655-2245 [Running]\n        bar-deploy-58974b698b-vxxx6  \u003c-----  sniffer-dumpy-80508655-3634 [Running]\n        bar-deploy-58974b698b-g44np  \u003c-----  sniffer-dumpy-80508655-7969 [Running]\n\npvc:\npullsecret:\n```\n### Export Captures\nExtract tcpdump .pcap files directly from capture sniffers using `export` command :\n```bash\n$ kubectl dumpy export 
\u003ccaptureName\u003e \u003ctargetDir\u003e [-n captureNamespace]\n```\nExample: \n```bash\n$ kubectl dumpy export dumpy-49366665 /tmp/dumps -n foo-ns\nDownloading capture dumps from sniffers:\n  nginx-deploy-846d6f46b7-lss7q ---\u003e path /tmp/dumps/dumpy-49366665-nginx-deploy-846d6f46b7-lss7q.pcap\n  nginx-deploy-846d6f46b7-6v8jz ---\u003e path /tmp/dumps/dumpy-49366665-nginx-deploy-846d6f46b7-6v8jz.pcap\n  nginx-deploy-846d6f46b7-hz5s2 ---\u003e path /tmp/dumps/dumpy-49366665-nginx-deploy-846d6f46b7-hz5s2.pcap\n```\n### More Dumpy Operations\n- `delete` command to remove capture and related sniffers\n```bash\nkubectl dumpy delete \u003ccaptureName\u003e [-n captureNamespace]\n```\n- `restart` command to redeploy specified capture sniffers with ability to use new tcpdump filters\n```bash\nkubectl dumpy restart \u003ccaptureName\u003e [-n captureNamespace] [-f tcpdump filters]\n```\n- `stop` command to terminate tcpdump process on sniffers\n```bash\nkubectl dumpy stop \u003ccaptureName\u003e [-n captureNamespace]\n```\n## Notes:\n- Dumpy captures only exist as long as the sniffers do.\n- Docker image is publicly available on [DockerHub](https://hub.docker.com/r/larrytheslap/dumpy) : \n```bash\n$ docker pull larrytheslap/dumpy\n```\n- Dumpy supports all Kubernetes clusters with runtimes: `[containerd, docker, crio]`\n- Sniffer pods will also log traffic to stdout, helpful to validate the capture setup :\n```bash\n$ kubectl logs -n foo-ns sniffer-mycap-7181\n#  ______  _   _ ___  _________ __   __\n#  |  _  \\| | | ||  \\/  || ___ \\\\ \\ / /\n#  | | | || | | || .  . 
|| |_/ / \\ V /\n#  | | | || | | || |\\/| ||  __/   \\ /\n#  | |/ / | |_| || |  | || |      | |\n#  |___/   \\___/ \\_|  |_/\\_|      \\_/\n#\n#\n[INFO] #### using bin /usr/local/bin/crictl\n\n[INFO] #### target container PID : 1688\n[INFO] #### starting capture on target pod..\n[INFO] #### Dumpy sniffer PID: 1999\ntcpdump: data link type LINUX_SLL2\ntcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes\nreading from file -, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144\n23:56:25.637654 eth0  Out IP6 fe80::4448:2fff:fe86:18a0 \u003e ff02::2: ICMP6, router solicitation, length 16\n00:09:47.923265 eth0  B   ARP, Request who-has 10.244.2.5 tell 10.244.2.1, length 28\n00:09:47.923271 eth0  Out ARP, Reply 10.244.2.5 is-at 46:48:2f:86:18:a0 (oui Unknown), length 28\n00:09:47.923273 eth0  In  IP 10.244.1.5.55676 \u003e 10.244.2.5.80: Flags [S], seq 1393873422, win 64240, options [mss 1460,sackOK,TS val 3667806333 ecr 0,nop,wscale 7], length 0\n00:09:47.923282 eth0  Out IP 10.244.2.5.80 \u003e 10.244.1.5.55676: Flags [S.], seq 1297939382, ack 1393873423, win 65160, options [mss 1460,sackOK,TS val 118234409 ecr 3667806333,nop,wscale 7], length 0\n00:09:47.923316 eth0  In  IP 10.244.1.5.55676 \u003e 10.244.2.5.80: Flags [.], ack 1, win 502, options [nop,nop,TS val 3667806333 ecr 118234409], length 0\n00:09:47.923566 eth0  In  IP 10.244.1.5.55676 \u003e 10.244.2.5.80: Flags [P.], seq 1:75, ack 1, win 502, options [nop,nop,TS val 3667806333 ecr 118234409], length 74: HTTP: GET / HTTP/1.1\n00:09:47.923585 eth0  Out IP 10.244.2.5.80 \u003e 10.244.1.5.55676: Flags [.], ack 75, win 509, options [nop,nop,TS val 118234409 ecr 3667806333], length 0\n00:09:47.923690 eth0  Out IP 10.244.2.5.80 \u003e 10.244.1.5.55676: Flags [P.], seq 1:239, ack 75, win 509, options [nop,nop,TS val 118234410 ecr 3667806333], length 238: HTTP: HTTP/1.1 200 OK\n00:09:47.923724 eth0  In  IP 10.244.1.5.55676 \u003e 10.244.2.5.80: Flags [.], ack 239, 
win 501, options [nop,nop,TS val 3667806334 ecr 118234410], length 0\n```\n\n## Contribution\n\nDumpy is open-source, and we welcome contributions. [Open issues](https://github.com/larryTheSlap/dumpy/issues) or submit pull requests to enhance functionality or fix bugs.\n\n## License\n\nDumpy is licensed under the [Apache License 2.0](LICENSE). Feel free to use, modify, and distribute the code according to the terms of the Apache 2.0 License.\n\nHappy Sniffing!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FlarryTheSlap%2Fdumpy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FlarryTheSlap%2Fdumpy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FlarryTheSlap%2Fdumpy/lists"}