0

How to capture traffic from a docker container?

asked 2021-11-04 17:33:48 +0000

bartho

I'm trying to follow the instructions in this answer over on stackexchange: https://stackoverflow.com/a/48386901/...

However, after creating and starting a docker container (step 2), I still don't see any interface that I could assume would correspond to that docker container.

As a test, I pinged a random website from the docker container, and went through all my interfaces in wireshark to see if I could find it. I couldn't. For details on that, please see this post I made on stack exchange https://superuser.com/questions/16856...

Why can't I see any interface corresponding to my docker container on wireshark?

Some background: The whole reason for this is that I want to set up a super secure way of using voip calling. Based on my limited understanding, I believe the best way to do this is to run the program inside a docker container so that it's isolated from my main system. Before I use it to actually communicate with others, I want to get a better understanding of all the data that's going in and out of the program (i.e. if there is any personally identifying data) by using wireshark to analyze packets. Please let me know if there's an easier way, or if I'm going about this the wrong way.


2 Answers

0

answered 2023-06-22 09:26:55 +0000

thediveo

updated 2023-06-22 09:28:08 +0000

May I present: the Edgeshark open source project for capturing from containers without having to modify them or do docker exec/docker run CLI "dances"? Just browse and then click.

start Wireshark container capture from the comfy of your desktop system

This then transfers you to Wireshark and automatically starts a capture session for your (remote) container.

live container traffic streaming

No need to change containers, just deploy Edgeshark and install the Edgeshark extcap plugin.


Comments

Looks like a fresh repository in GitHub. Code has been around a while and is stable?
You might want to include a link over on the Wireshark discord server (link available at top level of this site)
Update: Link added to #developer-den by @grahamb

Chuckc ( 2023-06-22 09:52:34 +0000 )

Edgeshark was originally an internal project that Siemens decided to Open Source; it's been around for roundabout four or five years IIRC. We consider it stable with our regional centers using it for one and a half years now with our Industrial Edge platform, and other Siemens internal users have used it for over three years or so now.

thediveo ( 2023-06-22 10:49:27 +0000 )

Kubernetes is needed, right?

hatvanis ( 2023-12-13 10:39:58 +0000 )

@hatvanis no, Kubernetes isn't needed. Please check out the details here: https://edgeshark.siemens.io

thediveo ( 2023-12-25 18:45:08 +0000 )
0

answered 2021-11-05 15:12:23 +0000

julscampa

You could try using something like this https://hub.docker.com/r/nicolaka/net.... To capture the traffic from a docker container you need to connect to its network namespace so you can tap into the docker container network traffic. To accomplish that you could run the netshoot container. You can run something like docker run -it --rm --net container:container_name nicolaka/netshoot tcpdump. That command will bind the netshoot container to the network namespace of the container that is running your VoIP service and through tcpdump it will capture all of its traffic. Hope that helps.
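The namespace-sharing capture from the answer above, extended so the packets reach Wireshark on the host; this is an added example, not part of the original answer. The script name `capture.sh`, the container name `voip` and the function names are hypothetical, and it assumes Docker and Wireshark are installed on the host.

```shell
#!/bin/sh
# Added example: capture a container's traffic through its network namespace.
IMAGE="nicolaka/netshoot"   # image named in the answer above

# Accept only letters, digits, '_', '.' and '-' (the characters Docker allows
# in container names), so no shell metacharacter reaches the command line.
valid_name() {
    case "$1" in
        ""|[!a-zA-Z0-9]*|*[!a-zA-Z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the capture command for container $1 on interface $2 (default: any).
# No -t flag: a TTY would rewrite bytes in the binary pcap stream on stdout.
# tcpdump: -n no name lookups, -U flush per packet, -w - write pcap to stdout.
capture_cmd() {
    valid_name "$1" || { echo "invalid container name: $1" >&2; return 1; }
    valid_name "${2:-any}" || { echo "invalid interface: $2" >&2; return 1; }
    printf 'docker run --rm --net container:%s %s tcpdump -n -U -i %s -w -\n' \
        "$1" "$IMAGE" "${2:-any}"
}

# Usage: ./capture.sh <container> [iface] [out.pcap]
# With an output file the pcap is saved on the host for later analysis;
# without one it is streamed into Wireshark, which reads stdin (-k -i -).
if [ "$#" -ge 1 ]; then
    cmd=$(capture_cmd "$1" "${2:-any}") || exit 1
    if [ -n "${3:-}" ]; then
        $cmd > "$3"            # word splitting is safe: tokens were validated
    else
        $cmd | wireshark -k -i -
    fi
fi
```

For example, `./capture.sh voip eth0 voip.pcap` saves the capture to a file, and `./capture.sh voip` opens a live capture in Wireshark.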


Stats

Asked: 2021-11-04 17:33:48 +0000

Seen: 38,036 times

Last updated: Jun 22 '23