Trace the traffic of a docker container

You have a container. It's being bad. Bad container, bad. You want to know what's going on inside it from a networking standpoint. But because you believe in security, you have removed root, so of course you cannot just run tcpdump or tcpflow inside it. So, what to do?

Here's the recipe. Run it as root on the Docker host, and replace NAME with the container's name or ID.

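# Host PID of the container's init process
pid=$(docker inspect -f '{{.State.Pid}}' NAME)
# Make the container's network namespace visible to `ip netns` under the name $pid
mkdir -p /var/run/netns
ln -sfT "/proc/$pid/ns/net" "/var/run/netns/$pid"
ip netns exec "$pid" bash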

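Boom, we have a root shell inside the container's network namespace. If we run 'ifconfig' we see just 2 interfaces (eth0, lo). Only the network namespace is switched: the filesystem and the tools are still the host's, so the container image does not need tcpdump installed. Have at it with your favourite network tool.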
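The recipe above as a reusable script, added here as an example and not part of the original post. It refuses a container that is not running (Docker reports PID 0 for it) and removes the namespace link afterwards. The function names, the NETNS_DIR variable and the default tcpdump command are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: run one command inside a container's network namespace,
# then remove the namespace link again. Run as root on the Docker host.

NETNS_DIR="${NETNS_DIR:-/var/run/netns}"   # where `ip netns` looks up names

# Print the host PID of the container's init process.
# Docker reports Pid 0 for a container that is not running.
container_pid() {
    local pid
    pid=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
    case "$pid" in
        ''|0|*[!0-9]*) echo "container '$1' is not running" >&2; return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Expose /proc/PID/ns/net under the name PID, as in the recipe above.
link_netns() {
    mkdir -p "$NETNS_DIR" && ln -sfT "/proc/$1/ns/net" "$NETNS_DIR/$1"
}

# Remove the link so a stale name cannot point at a recycled PID later.
unlink_netns() {
    rm -f "$NETNS_DIR/$1"
}

# trace_container NAME [COMMAND...]; the default command is a constructed example.
trace_container() {
    local name=$1 pid rc
    shift
    pid=$(container_pid "$name") || return 1
    link_netns "$pid" || return 1
    if [ "$#" -eq 0 ]; then set -- tcpdump -n -i eth0; fi
    ip netns exec "$pid" "$@"
    rc=$?
    unlink_netns "$pid"
    return "$rc"
}

# Run only when given arguments, e.g.: ./trace.sh NAME tcpdump -n -i eth0 -c 100
if [ "$#" -gt 0 ]; then
    trace_container "$@"
fi
```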

