You have a container. It’s being bad. Bad container, bad. You want to know what’s going on inside it from a networking standpoint. But because you believe in security, you have removed root, so of course you cannot just run tcpdump or tcpflow. So, what to do?
Here’s the recipe. Run it as root on the Docker host, and replace NAME with the name or container id.
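# PID of the container's init process, as seen from the host
pid=$(docker inspect -f '{{.State.Pid}}' NAME)
# ip netns looks for namespaces under /var/run/netns, which may not exist yet
mkdir -p /var/run/netns
ln -sfT "/proc/$pid/ns/net" "/var/run/netns/$pid"
ip netns exec "$pid" bash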
Boom, we have a root shell inside the container’s network namespace. If we run ‘ifconfig’ we see just 2 interfaces (eth0, lo). The filesystem is still the host’s, so have at it with your favourite network tool.
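A wrapped version of the recipe, as an added example rather than code from the original post: it rejects the Pid 0 that docker inspect reports for a container that is not running, and removes the symlink afterwards so no dangling entry is left in /var/run/netns. The function names, the ctr- prefix and the PROC_ROOT/NETNS_DIR overrides are assumptions of this example.

```bash
# Defaults match the recipe; the overrides exist only so the link logic
# can be exercised without root (assumption of this example).
PROC_ROOT="${PROC_ROOT:-/proc}"
NETNS_DIR="${NETNS_DIR:-/var/run/netns}"

# Link the network namespace of PID into NETNS_DIR and print its netns name.
netns_link() {
    local pid="$1"
    # Reject empty, zero and non-numeric values before they reach a path.
    case "$pid" in
        ''|0|*[!0-9]*) echo "invalid pid: '$pid'" >&2; return 1 ;;
    esac
    if [ ! -e "$PROC_ROOT/$pid/ns/net" ]; then
        echo "no network namespace for pid $pid" >&2
        return 1
    fi
    mkdir -p "$NETNS_DIR" || return 1
    ln -sfT "$PROC_ROOT/$pid/ns/net" "$NETNS_DIR/ctr-$pid" || return 1
    echo "ctr-$pid"
}

# Remove the entry again, but only if it is a symlink (never a bind mount
# created by "ip netns add").
netns_unlink() {
    if [ -L "$NETNS_DIR/$1" ]; then
        rm -f "$NETNS_DIR/$1"
    fi
}

# Run a command (default: bash) in a container's network namespace.
# Usage: ctr_netns_exec NAME [command args...]
ctr_netns_exec() {
    local container="$1" pid name rc
    shift
    if [ "$#" -eq 0 ]; then set -- bash; fi
    pid=$(docker inspect -f '{{.State.Pid}}' "$container") || return 1
    name=$(netns_link "$pid") || return 1
    ip netns exec "$name" "$@"
    rc=$?
    netns_unlink "$name"
    return "$rc"
}
```

Source the file as root on the Docker host, then run for example `ctr_netns_exec NAME tcpdump -ni eth0`.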