Dynamic Packet Capture

Generate PCAP files on nodes associated with pods targeted for packet capture, to debug microservices and application interaction



Packet capture (PCAP) is a valuable technique for debugging microservices and application interaction in day-to-day operations and incident response. But generating PCAP files to diagnose performance hotspots and connectivity issues in Kubernetes clusters can be a frustrating exercise in a dynamic environment where hundreds, possibly thousands of pods are continually being created and destroyed.

Calico Dynamic Packet Capture is a Kubernetes-native way to capture packets from a specific pod or collection of pods with specified packet sizes and duration, in order to troubleshoot performance hotspots and connectivity issues faster. A command-line interface makes it easy to use tools like Wireshark to transfer generated PCAP files that are distributed across nodes, directly to your local machine for analysis.


  • Simplify the process of initiating packet capture jobs by specifying a pod or collection of pods
  • Utilize the existing label-based approach to target workloads’ in-network policies, to identify single or multiple workload endpoints for capturing live traffic.
  • Enable a self-service model with role-based access controls (RBAC), to allow teams to troubleshoot workloads within their own namespaces without impacting the rest of the Kubernetes cluster.
  • Integrate with local desktop analysis tools like Wireshark for analysis.


  • Specify packet capture size using two criteria: duration and number of packets.
  • Auto-terminate packet capture when specified criteria, such as packet capture size, number of packets, or duration, are met.
  • List the protocols and ports to perform packet capture, eliminate extraneous traffic and troubleshoot applications and microservices faster.
  • Use the calicoctl command-line utility to automatically pull PCAP files from the right pods depending on where workloads are running.
  • Integrate with RBAC to ensure that development teams and service owners only have access to the files associated with their pod(s) or namespaces.

How It Works


Capture live traffic inside a Kubernetes cluster, and export to visualization tools like Wireshark for troubleshooting and debugging applications. To learn more, see: Calico Enterprise - Packet capture



Learn More

Technical Blog

Learn More

Solution Brief

Learn More