Match vethxxx interface to cri-o/runc container

Let say we have vethwepled1e9df interface and wanted to find what is container that use this interface

$ ifconfig vethwepled1e9df
vethwepled1e9df: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1376
ether 8e:d9:d3:1a:b4:22 txqueuelen 0 (Ethernet)
RX packets 51 bytes 9877 (9.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 144 bytes 13301 (13.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Get the interface peer_ifindex. You mat cat it directly or use ethtool

$ cat /sys/class/net/vethwepled1e9df/iflink
127
$ ethtool -S vethwepled1e9df
NIC statistics:
peer_ifindex: 127

exec “cat /sys/class/net/eth0/iflink” to all containers, the one that have peer_ifindex = previous peer_ifindex+1

$ sudo crictl exec -it 7dc8a3a3806f6 cat /sys/class/net/eth0/iflink
128

So interface vethwepled1e9df is belong to container ID: 7dc8a3a3806f6

That’s all.

PS. if your container doesn’t have cat. So use tcpdump instead.

tcpdump -nnn -i vethwepled1e9df