I’ve tried `tcpdump` a few times and it seems that it cannot capture packets from docker containers. There are a bunch of "How can I capture packets" questions. Often the answer is to use a separate tcpdump container within the same network as the container I want to capture the traffic from. But none answers the question: why do I need this anyway?
I’m not sure, but I think `docker` does some iptables magic, so I thought maybe this is the problem, but here it is mentioned that `tcpdump` can capture traffic before iptables is doing its stuff.
So, what is the reason that a command like `tcpdump -i any tcp port 80` on the host shows nothing, or that with `tcpdump -i any` there is too much traffic and, from what I saw, there is nothing relevant? It doesn’t work with an IP of the container either: `tcpdump -i any host 10.0.32.198`.
I tried the `docker0` interface, or `docker_gwbridge`.
None is working as expected.
If I use a separate container, like `docker run --rm -it --net container:some-container-name nicolaka/netshoot` with the command `tcpdump -i any -s0 -x -X port 80`, it works.
Many thanks for your insight and time.