`tcpdump` a few times and it seems that it cannot capture packets from docker containers. There are a bunch of "How can I capture packets" questions. Often the answer is to use a separate tcpdump container within the same network as the container I want to capture the traffic from. But none answers the question: why do I need this anyway?
I’m not sure, but I think `docker` does some iptables magic, so I thought maybe this is the problem, but here it is mentioned that `tcpdump` can capture traffic before iptables is doing its stuff.
So, what is the reason that a command like this `tcpdump -i any tcp port 80` on the host shows nothing, or with `tcpdump -i any` there is too much traffic and, from what I saw, there is nothing relevant? It doesn’t work with an IP of the container either: `tcpdump -i any host 10.0.32.198`.
I tried the `docker0` interface, or
None is working as expected.
If I use a separate container, like `docker run --rm -it --net container:some-container-name nicolaka/netshoot` with the command `tcpdump -i any -s0 -x -X port 80`, it works.
Many thanks for your insight and time.