Troubleshooting Networking Issues in Kubernetes (tcpdump, netshoot, Wireshark)

Networking is one of the most critical yet complex aspects of Kubernetes. Even a small misconfiguration can lead to service disruptions, failed pod communication, or broken ingress traffic.

Have you ever faced issues like:

?? Pods unable to reach services?

?? External traffic failing to reach your application?

?? Intermittent network failures with no clear logs?

This is where powerful networking tools like tcpdump, netshoot, and Wireshark come in! ??

?? Why Troubleshoot Kubernetes Networking?

? Identify dropped packets & network latency

? Inspect traffic between pods, services, and nodes

? Debug DNS resolution issues inside Kubernetes

? Monitor ingress and egress traffic flow

?? Without proper networking visibility, debugging Kubernetes connectivity issues can be a nightmare!

?? Common Kubernetes Networking Issues & How to Detect Them

Issue Possible Causes Troubleshooting Tools Pods cannot reach each other NetworkPolicy blocking traffic kubectl describe networkpolicy Service is unreachable Wrong Service type (ClusterIP instead of NodePort) kubectl get svc DNS resolution fails CoreDNS misconfiguration kubectl logs -n kube-system -l k8s-app=kube-dns External traffic doesn’t reach pods Misconfigured Ingress/Firewall rules netshoot, tcpdump, Wireshark High network latency Overloaded network interfaces iftop, netstat, ping

?? We will now explore step-by-step scenarios using real-world debugging techniques!

?? Scenario 1: Capturing Network Traffic Between Two Pods (tcpdump & netshoot)

?? Overview

Imagine your frontend pod cannot connect to the backend service. You need to determine: ? Is the request reaching the backend pod?

? Is there a packet drop or firewall blocking the traffic?

?? Use Case: Troubleshooting Pod-to-Pod connectivity inside Kubernetes.

Step 1: Deploy a Frontend and Backend Application

Create Backend Deployment (backend.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
      - name: backend
        image: nginx
        ports:
        - containerPort: 80        

Expose Backend via a ClusterIP Service (backend-service.yaml)

apiVersion: v1
kind: Service
metadata:
  name: backend-service
spec:
  selector:
    app: backend
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP        

Apply both manifests:

kubectl apply -f backend.yaml
kubectl apply -f backend-service.yaml        

? Backend is now deployed inside the cluster!

Step 2: Deploy a Frontend Pod for Testing

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["sleep", "3600"]        

Apply it:

kubectl apply -f frontend.yaml        

? Frontend pod is now running and ready to test connectivity!

Step 3: Capture Network Packets Using tcpdump & netshoot

First, deploy a debugging tool inside Kubernetes:

kubectl run netshoot --rm -it --image=nicolaka/netshoot -- /bin/bash        

Now, capture traffic between frontend and backend using tcpdump:

tcpdump -i eth0 port 80 -nn -vv        

Step 4: Test Connectivity from Frontend to Backend

Exec into the frontend pod and send a request to the backend:

kubectl exec -it frontend -- wget -qO- https://backend-service        

Expected tcpdump output on netshoot:

IP 10.244.1.10.4321 > 10.244.2.15.80: Flags [S], seq 12345
IP 10.244.2.15.80 > 10.244.1.10.4321: Flags [S.], seq 67890        

? If you see packet exchanges, network connectivity is working.

Step 5: If No Packets Are Captured, Check Network Policies

Describe active network policies:

kubectl get networkpolicy
kubectl describe networkpolicy allow-frontend-to-backend        

Modify the policy if needed or temporarily delete it for debugging:

kubectl delete networkpolicy allow-frontend-to-backend        

? Now retry the request from frontend to backend. If it works, the issue was the NetworkPolicy!

?? Scenario 2: Debugging DNS Resolution Issues (Wireshark & CoreDNS Logs)

?? Overview

A pod is failing to resolve an external domain (google.com) or internal service (backend-service).

?? Use Case: Troubleshooting DNS resolution failures in Kubernetes.

Step 1: Capture DNS Queries Using tcpdump

Run a debugging pod:

kubectl run debug-pod --rm -it --image=nicolaka/netshoot -- /bin/bash        

Start capturing DNS packets:

tcpdump -i eth0 port 53 -nn -vv        

Step 2: Test DNS Resolution from a Pod

Exec into another pod and run:

kubectl exec -it frontend -- nslookup backend-service        

If DNS is working, you will see:

Server:  10.96.0.10
Address: 10.96.0.10#53

Name: backend-service.default.svc.cluster.local
Address: 10.100.1.50        

If DNS fails, check CoreDNS logs:

kubectl logs -n kube-system -l k8s-app=kube-dns        

? If there are errors, restart CoreDNS:

kubectl rollout restart deployment coredns -n kube-system        

? Now retry DNS resolution—it should work!

?? Scenario 3: Debugging External Traffic Issues Using Wireshark

?? Overview

You deployed a LoadBalancer service, but external users cannot access your app.

?? Use Case: Identify packet drops between external clients and Kubernetes services.

Step 1: Capture Incoming Traffic on a Node

Find your Node’s external IP:

kubectl get nodes -o wide        

Run Wireshark or tcpdump on the node:

sudo tcpdump -i eth0 port 80        

If you see incoming requests but your app doesn’t respond, check Kubernetes service configuration:

kubectl describe svc my-app-service        

Common issues:

• Wrong Service type (should be LoadBalancer)
• Firewall blocking external traffic (open port 80 using ufw or iptables)

? Fix the issue and test again!

?? Key Takeaways

• Use tcpdump & netshoot to capture network traffic inside Kubernetes.
• Use Wireshark to analyze packet flows for external traffic issues.
• Debug DNS failures using nslookup, CoreDNS logs, and tcpdump.
• Network Policies and Firewalls can block traffic—always verify them!

?? Let’s Discuss!

What tools do you use for troubleshooting Kubernetes networking issues? Have you used tcpdump, netshoot, or Wireshark in production? Let’s discuss in the comments!

Follow Bavithran M for more DevOps, Kubernetes, and cloud-native insights.

Found this useful? Share it with your network!