Seeing and interacting with layer 2 on the host

Since the release of Kali Linux’s docker image, I have been wondering how or why I’d ever use it. However, I’m getting to the point now where managing VMs is becoming a pain and hard to scale with our customers, as we’re having to run updates and aren’t able to test them before using these VMs for executing one of our services.

With the use of docker, we’d be able to maintain a centralized docker container and simply push it out to a VM every time we’re ready to use it.

However, one of the concerns that I have with using a Kali Linux docker VM is that it may not be possible to interact with layer 2 on the host. For example, it is pretty critical that the docker container can inspect ARP traffic on the default ethernet interface that the VM is using, but I’m not quite sure how this may be possible.

Are there any specific docker-compose network configurations that I need to look into? Layer 3 is easier because I can configure the docker to basically listen in on a port and have the host listen on that port as well.

But on layer 2 for example, I’m not sure this is possible.

I assume you mean image (what you build with a Dockerfile) instead of container (the runtime instance of an image).

What you are looking for is impossible with bridged or overlay networks.
Though, it works if you configure the container to share the host’s network interface namespace and thus act network-wise like any other process on the host. This will make publishing ports obsolete, as all ports of the container will be bound on the host’s network interface. If you create another container of the same image on the same host, it will fail due to the port being used already.

You can add this declaration to your compose service:

network_mode: "host"

Though, this will not work with docker swarm deployments.
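As an added example (not from the original thread), here is a compose service that applies the answer above to the ARP-inspection case from the question. The image name, the interface name eth0, and the use of tcpdump (assumed not to be preinstalled in the image) are assumptions; adjust them to your setup.

```yaml
# Added example, not part of the original post. Assumes the public
# kalilinux/kali-rolling image and that the VM's default interface is eth0.
services:
  arp-inspect:
    image: kalilinux/kali-rolling
    # Share the host's network namespace. Unlike the default bridge
    # network (where the container only sees its own veth pair), the
    # container now sees the host's real interfaces and their layer-2
    # frames. A "ports:" section is unnecessary and has no effect here,
    # and a second instance on the same host would collide on any port
    # this container binds. Not supported in swarm mode.
    network_mode: "host"
    # tcpdump needs CAP_NET_RAW (part of Docker's default capability set)
    # to open a raw socket. CAP_NET_ADMIN additionally allows promiscuous
    # mode so frames not addressed to the host's MAC are captured too.
    # Host network mode removes network-namespace isolation, so grant only
    # what the capture actually requires.
    cap_add:
      - NET_RAW
      - NET_ADMIN
    # Install tcpdump (assumed absent from the image) and capture only ARP
    # frames on the host's default interface, printing link-layer headers.
    command: >
      sh -c "apt-get update && apt-get install -y tcpdump &&
             exec tcpdump -ni eth0 -e arp"
```

Bring it up with `docker compose up`; ARP requests and replies crossing the VM's eth0 are printed by the container, which is the layer-2 visibility that bridged networking cannot provide.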