As the title says, I need build a docker container able to sniff all the traffic on the network .

This is my docker-compose file at the moment:

services:
  opencpn:
    build:
      context: ./opencpn
      dockerfile: Dockerfile
    container_name: opencpn
    image: opencpn
    ports:
      - "8080:8080"
    networks:
      ship:
        ipv4_address: 172.20.0.2

  proxyais:
    build:
      context: ./proxyais
      dockerfile: Dockerfile
    image: proxyais
    container_name: proxyais
    ports:
      - "10110:10110/udp"
      - "18304:18304/udp"
    networks:
      ship:
        ipv4_address: 172.20.0.3
    environment:
      - VDR=127.0.0.1
      - IPR=172.20.0.3
      - BRIDGE=172.20.0.2
      - VH=172.20.0.4
      - GW=172.20.0.1

  suricata:
    build:
      context: ./suricata
      dockerfile: Dockerfile
    image: suricata
    container_name: suricata
    cap_add:
      - NET_ADMIN
      - SYS_NICE
    # network_mode: host <-- it works but I don't want to use it like this
    networks:
      ship:
        ipv4_address: 172.20.0.5

networks:
  ship:
    name: ship_network
    ipam:
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1

If I open a shell in the suricata service container and I lunch a tcpdump , I only get the broadcast packages instead of getting all the traffic as I need.

I was able to achieve my goal by setting the network_mode: host , but than in the sniffer container I’m supposed to attach tcpdump on another interface ( br-xxxxx ) which change every time the compose goes up, so I don’t want to use it.

I’m getting crazy, how the hell am I suppose to make a promiscuous container?!?

Thank you in advance!