This post is for Day 18 of Mercari Advent Calendar 2025, brought to you by @mshibuya from the Mercari Platform Network a

Mercari's platform is a resource for developers and technology enthusiasts, offering insights into engineering challenges, technology stack, and culture at Mercari. Through articles, tech talks, and open-source contributions, Mercari offers insights into building innovative and scalable technology solutions. Developers can learn about Mercari's engineering culture, agile methodologies, and contributions to the broader tech community.

Mercari Engineering

Mercari's Network team shares two methods for capturing network packets in Kubernetes environments. The primary approach uses Ephemeral Containers with tcpdump to capture unencrypted traffic at the pod level, enabling developers to self-service debug without node access. This method works well with Istio service mesh by capturing on all interfaces to see plaintext traffic. A secondary node-level approach using GKE SSH and CoreOS Toolbox is available for platform teams investigating node-wide issues, though it only captures encrypted traffic. The procedures include specific kubectl commands, permission requirements, and file retrieval steps designed for production troubleshooting.

Capturing Network Packets in Kubernetes

Why is Capturing Packets in Kubernetes Difficult?

Pod-Level Capture Using Ephemeral Containers