search

draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/
Other
7.8k stars 728 forks source link

How to distinguish between local ip and remote ip from socket ? #2028

Closed tanrenxuan closed 6 months ago

tanrenxuan commented 1 year ago

When I use sysdig to output some log related to network, I can't find the remote Ip from fd(socket) field. For example:

fd fd.lip fd.rip fd.lport fd.rport 10.10.0.67:51252->10.10.0.114:8080 10.10.0.114 10.10.0.67 8080 51252 10.10.0.67:51252->10.10.0.114:8080 10.10.0.114 10.10.0.67 8080 51252 10.10.0.67:51252->10.10.0.114:8080 10.10.0.114 10.10.0.67 8080 51252 10.10.0.67:51252->10.10.0.114:8080 27065 10.10.0.114 10.10.0.67 8080 51252 10.10.0.114:60986->10.102.100.24:8888 27084 10.102.100.24 10.10.0.114 8888 60986 10.10.0.114:60986->10.102.100.24:8888 27084 10.102.100.24 10.10.0.114 8888 60986

I use sysdig to record some fields in server 10.10.0.114, however, sometimes fd.lip records 10.10.0.114, and sometimes it records a different ip, which confused me.

github-actions[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.