github.com/inspektor-gadget/inspektor-gadget@v0.28.1/docs/builtin-gadgets/trace/sni.md

---
title: 'Using trace sni'
weight: 20
description: >
  Trace Server Name Indication (SNI) from TLS requests.
---

The trace sni gadget is used to trace the [Server Name Indication (SNI)](https://en.wikipedia.org/wiki/Server_Name_Indication) requests sent as part of TLS handshakes.

### On Kubernetes

The SNI tracer will show which pods are making which SNI requests. To start it,
we can run:

```bash
$ kubectl gadget trace sni
K8S.NODE         K8S.NAMESPACE    K8S.POD          PID        TID        COMM       NAME
```

To generate some output for this example, let's create a demo pod in *another terminal*:

```bash
$ kubectl run -it ubuntu --image ubuntu:latest -- /bin/bash
root@ubuntu:/# apt update && apt install -y wget && wget wikimedia.org
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.wikimedia.org/ [following]
(...)
root@ubuntu:/# wget www.github.com
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/ [following]
(...)
```

Go back to *the first terminal* and see:

```
K8S.NODE         K8S.NAMESPACE    K8S.POD          PID        TID        COMM       NAME
minikube         default          ubuntu           3917791    3917791    wget       www.github.com
minikube         default          ubuntu           3917791    3917791    wget       github.com
minikube         default          ubuntu           3917812    3917812    wget       wikimedia.org
minikube         default          ubuntu           3917812    3917812    wget       www.wikimedia.org
```

We can see that each time our `wget` client connected to a different
server, our tracer caught the Server Name Indication requested.

#### Clean everything

Congratulations! You reached the end of this guide!
You can now delete the pod you created:

```bash
$ kubectl delete pod ubuntu
pod "ubuntu" deleted
```

### With `ig`

Run the gadget in a terminal:

```bash
$ sudo ig trace sni -r docker -c test-trace-sni
RUNTIME.CONTAINERNAME    PID        TID        COMM       NAME
```

Run a container that establishes a TLS connection with a remote endpoint:

```bash
$ docker run -it --rm --name test-trace-sni busybox /bin/sh -c "wget https://example.com"
Connecting to example.com (93.184.216.34:443)
wget: note: TLS certificate validation not implemented
saving to 'index.html'
index.html 100% |*******************************************************************************************************************************************************************| 1256 0:00:00 ETA
'index.html' saved
```

The gadget will show the Server Name Indication used by the request:

```bash
$ sudo ig trace sni -r docker -c test-trace-sni
RUNTIME.CONTAINERNAME    PID        TID        COMM       NAME
test-trace-sni           3944366    3944366    wget       example.com
```
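
One way to act on the Kubernetes output from the `kubectl gadget trace sni` section, as an added example that is not part of the Inspektor Gadget documentation: a shell function that reads that column layout on stdin and prints the rows whose SNI falls outside a comma-separated allowlist of domains. The function names, the allowlist and the last sample row are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not Inspektor Gadget code.
# Reads the 7-column Kubernetes layout of `kubectl gadget trace sni` on stdin
# (NAME is the last column) and prints rows whose SNI is not an allowed domain
# or a subdomain of one. $1 is a comma-separated allowlist (hypothetical input).
flag_unexpected_sni() {
  awk -v allow="$1" '
    BEGIN { n = split(tolower(allow), dom, ",") }
    $NF == "NAME" || NF < 7 { next }             # skip header, blank and short lines
    {
      name = tolower($NF); sub(/\.$/, "", name)  # normalise case and trailing dot
      ok = 0
      for (i = 1; i <= n; i++) {
        d = dom[i]; tail = "." d
        # Exact match, or a match on a label boundary: a name that merely
        # ends in the same characters as an allowed domain must not pass.
        if (name == d || (length(name) > length(tail) &&
            substr(name, length(name) - length(tail) + 1) == tail)) ok = 1
      }
      if (!ok) print $2 "/" $3, $6, name         # namespace/pod, comm, SNI
    }'
}

# Constructed sample: the rows shown in the guide plus one invented row.
sample_trace() {
  cat <<'EOF'
K8S.NODE K8S.NAMESPACE K8S.POD PID     TID     COMM NAME
minikube default       ubuntu  3917791 3917791 wget www.github.com
minikube default       ubuntu  3917791 3917791 wget github.com
minikube default       ubuntu  3917812 3917812 wget wikimedia.org
minikube default       ubuntu  3917812 3917812 wget www.wikimedia.org
minikube default       ubuntu  3917830 3917830 wget notgithub.com
EOF
}

sample_trace | flag_unexpected_sni "github.com,wikimedia.org"
```

Against a live trace the same function sits at the end of the pipe, for example `kubectl gadget trace sni | flag_unexpected_sni "github.com,wikimedia.org"`.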