Hello all!
I am doing a viability study on the possible Dockerization of a V&V environment. The applications constituting this service need full network visibility of the external connections of the host to decode data from external computers. For example, I have a system generating UDP traffic that my application running in a container should capture and decode. I encountered significant issues with network transparency when running Docker on a Windows host, even when using Hyper-V and WSL2. The applications require access to all the network traffic processed externally by the host, but Docker’s network isolation is problematic, and the virtualization layer needed to host the Docker engine seems problematic. I tried various setups, including TAP adapters and network bridges, but faced constraints due to security policies. I found that running Docker directly on a Linux host provides the necessary network visibility.
- How can I achieve, if possible, full network visibility for Docker containers on a Windows host?
- If it is not achievable, are there any alternative containerization tools or configurations that can bypass these network isolation issues?
For context, to validate each different configuration tested, I am using a container able to run Wireshark to test the accessibility to the traffic of interest. I am running with the highest level of privileges possible to try and reach any possibility of reading the traffic generated/processed external to the container.
I am also aware of the existence of new tools in Beta stage like “Host Networking” that in principle allow one to do exactly what I am looking for. However, I cannot manage to enable its features after what looks like a decent setup of the tool.
Any guidance or suggestions would be greatly appreciated!