As the title says, I need to build a Docker container able to sniff all the traffic on the network.
This is my docker-compose file at the moment:
services:
  opencpn:
    build:
      context: ./opencpn
      dockerfile: Dockerfile
    container_name: opencpn
    image: opencpn
    ports:
      - "8080:8080"
    networks:
      ship:
        ipv4_address: 172.20.0.2
  proxyais:
    build:
      context: ./proxyais
      dockerfile: Dockerfile
    image: proxyais
    container_name: proxyais
    ports:
      - "10110:10110/udp"
      - "18304:18304/udp"
    networks:
      ship:
        ipv4_address: 172.20.0.3
    environment:
      - VDR=127.0.0.1
      - IPR=172.20.0.3
      - BRIDGE=172.20.0.2
      - VH=172.20.0.4
      - GW=172.20.0.1
  suricata:
    build:
      context: ./suricata
      dockerfile: Dockerfile
    image: suricata
    container_name: suricata
    cap_add:
      - NET_ADMIN
      - SYS_NICE
    # network_mode: host <-- it works but I don't want to use it like this
    networks:
      ship:
        ipv4_address: 172.20.0.5
networks:
  ship:
    name: ship_network
    ipam:
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
If I open a shell in the suricata service container and I launch tcpdump, I only get the broadcast packets instead of getting all the traffic as I need.
I was able to achieve my goal by setting network_mode: host, but then in the sniffer container I'm supposed to attach tcpdump to another interface (br-xxxxx), which changes every time the compose goes up, so I don't want to use it.
I'm going crazy, how the hell am I supposed to make a promiscuous container?!?
Thank you in advance!
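An added example for the changing br-xxxxx interface name above (not code from the original post): Docker names a user-defined bridge "br-" followed by the first 12 hex characters of the network ID unless the network sets the com.docker.network.bridge.name option, so the interface can be resolved from the compose network name (ship_network in the file above) instead of being hard-coded after every compose up. It assumes the docker and ip CLIs are on PATH and is meant to run on the host, or in the sniffer container when it uses network_mode: host.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Resolve the host-side Linux bridge behind a Docker user-defined network so a
# sniffer bound to the host network namespace can attach to it by name instead
# of guessing br-xxxxx after each `docker compose up`.
set -eu

# Pure helper: Docker derives the default bridge name from the network ID as
# "br-" + the first 12 hex characters. No docker call, so it is testable offline.
bridge_name_from_id() {
  net_id="$1"
  if [ "${#net_id}" -lt 12 ]; then
    echo "network id too short: $net_id" >&2
    return 1
  fi
  printf 'br-%s\n' "$(printf '%s' "$net_id" | cut -c1-12)"
}

# Resolve the bridge for a named network (e.g. ship_network). Honours an explicit
# com.docker.network.bridge.name driver option when the network defines one.
bridge_for_network() {
  net="$1"
  custom=$(docker network inspect \
    --format '{{index .Options "com.docker.network.bridge.name"}}' "$net")
  if [ -n "$custom" ]; then
    printf '%s\n' "$custom"
    return 0
  fi
  net_id=$(docker network inspect --format '{{.Id}}' "$net")
  bridge_name_from_id "$net_id"
}

# Check whether the interface currently has the PROMISC flag set (tcpdump and
# Suricata normally enable it themselves; this only reports the state).
is_promisc() {
  ip link show dev "$1" | grep -q PROMISC
}

# Usage: ./bridge_for_network.sh ship_network
if [ "$#" -gt 0 ]; then
  br=$(bridge_for_network "$1")
  printf 'network %s -> bridge %s\n' "$1" "$br"
  if is_promisc "$br"; then
    echo "$br is in promiscuous mode"
  else
    echo "$br is not in promiscuous mode"
  fi
fi
```

The bridge acts like a switch, so a third container on the same network only sees broadcast and multicast frames; capturing on the bridge interface itself from the host namespace is what exposes the traffic between the other containers.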