Traffic capture

Warning

This feature is experimental and has a known limitation that it will OOM for large traces on a given socket. It can also be disabled in the build if there are security concerns, see https://github.com/envoyproxy/envoy/blob/master/bazel/README.md#disabling-extensions.

To configure traffic capture, add an envoy.transport_sockets.capture transport socket to the listener or cluster. For a plain text socket this might look like:

For a TLS socket, this will be:

Each unique socket instance will generate a trace file prefixed with path_prefix. E.g. /some/capture/path_0.pb.

PCAP generation

The generated trace file can be converted to , suitable for analysis with tools such as Wireshark with the capture2pcap utility, e.g.: