How to capture network traffic in Docker container

This article shows how to capture a Docker container's network traffic in a few easy steps.

First, prepare the following Dockerfile. It would be best to store it in an empty directory.

FROM alpine:latest
RUN apk add --no-cache tcpdump
CMD tcpdump -i any

Next, build the Docker image. Go to the directory that contains the Dockerfile and run the following command.

docker build -t tcpdump .

The Docker image should be ready for use now.

You can run the following command to capture all network traffic from the specified container. It’ll be stored in the local directory in the dump.pcap file.

docker run --rm -v "$(pwd)":/dump --tty --net=container:<container_name> tcpdump tcpdump -i any -w /dump/dump.pcap

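The above command runs a new container that joins the network namespace of the container that we want to sniff (--net=container:<container_name>), so it sees the same interfaces and traffic as that container. It then runs tcpdump, which listens on all network interfaces and writes the packets to /dump/dump.pcap. Docker will clean up after itself by removing the capture container when it exits (--rm flag).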
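
To check what the capture recorded, the following added example (not part of the original article) summarizes the IPv4 flows in dump.pcap. Because tcpdump -i any writes Linux "cooked" link-layer headers (link type 113 or 276, depending on the tcpdump/libpcap version) rather than Ethernet, the parser handles those two; the function names and the sample packet are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Link types tcpdump writes for "-i any" (Linux cooked capture):
# value -> (header length, offset of the 2-byte protocol field)
COOKED = {113: (16, 14), 276: (20, 0)}   # LINUX_SLL, LINUX_SLL2
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize_pcap(data: bytes) -> Counter:
    """Count IPv4 flows (src, dst, protocol) in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # The low 16 bits of the last global-header field hold the link type.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    if linktype not in COOKED:
        raise ValueError(f"unexpected link type {linktype}")
    hdr_len, proto_off = COOKED[linktype]
    flows, pos = Counter(), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < hdr_len + 20:
            continue  # truncated record or too short for an IPv4 header
        ethertype = struct.unpack("!H", pkt[proto_off:proto_off + 2])[0]
        ip = pkt[hdr_len:]
        if ethertype != 0x0800 or ip[0] >> 4 != 4:
            continue  # only IPv4 is summarized here
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        flows[(src, dst, PROTO.get(ip[9], str(ip[9])))] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed sample: one LINUX_SLL2 record with a bare IPv4 header (TCP)."""
    ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0, 172, 17, 0, 2, 192, 0, 2, 10])
    sll2 = struct.pack("!HHIHBB8s", 0x0800, 0, 2, 1, 4, 6, b"\x02\x42\xac\x11\x00\x02")
    pkt = sll2 + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 276)
    return ghdr + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for flow, count in summarize_pcap(data).most_common():
        print(count, *flow)
```

Pass the path to dump.pcap as the first argument; with no argument the script runs on the constructed sample.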