This article shows how to capture a Docker container’s network traffic in a few easy steps.
First, prepare the following Dockerfile. It would be best to store it in an empty directory.
FROM alpine:latest
RUN apk add --no-cache tcpdump
CMD tcpdump -i any
Now, we have to build a Docker image. Go to the directory that contains the Dockerfile and run the following command.
docker build -t tcpdump .
The Docker image should be ready for use now.
You can run the following command to capture all network traffic from the specified container. It’ll be stored in the local directory in the
docker run --rm -v "$(pwd)":/dump --tty --net=container:<container_name> tcpdump tcpdump -i any -w /dump/dump.pcap
The above command runs a new container that attaches to the network of the container that we want to sniff. It then runs
tcpdump which listens on all network interfaces. Docker will clean up after itself (
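
To check what ended up in dump.pcap, the following added example (not part of the original article) summarizes the IPv4 flows in the capture. It assumes the classic pcap format that tcpdump -w writes and the Linux cooked link types (LINUX_SLL or LINUX_SLL2) that a capture on -i any produces instead of Ethernet; the sample packets and addresses are constructed.

```python
import socket
import struct
from collections import Counter

# pcap magic (as stored on disk) -> struct byte-order prefix
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
# linktype -> (cooked header length, offset of the 2-byte protocol field)
COOKED = {113: (16, 14), 276: (20, 0)}  # LINUX_SLL, LINUX_SLL2
L4_NAMES = {6: "tcp", 17: "udp"}

def summarize_pcap(data: bytes) -> Counter:
    """Count IPv4 packets per (proto, src, sport, dst, dport) in a classic pcap."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    if linktype not in COOKED:
        raise ValueError(f"link type {linktype} is not a Linux cooked capture")
    hdr_len, proto_off = COOKED[linktype]
    flows, pos = Counter(), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        ip = pkt[hdr_len:]
        if len(ip) < 20 or pkt[proto_off:proto_off + 2] != b"\x08\x00" or ip[0] >> 4 != 4:
            continue  # truncated record or not IPv4
        ihl = (ip[0] & 0x0F) * 4
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        sport = dport = 0  # ports stay 0 for non-TCP/UDP and later fragments
        if ip[9] in L4_NAMES and first_fragment and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        key = (L4_NAMES.get(ip[9], str(ip[9])), socket.inet_ntoa(ip[12:16]), sport,
               socket.inet_ntoa(ip[16:20]), dport)
        flows[key] += 1
    return flows

def sample_capture() -> bytes:
    """Constructed LINUX_SLL2 capture: two TCP packets and one UDP packet."""
    def record(proto, src, dst, sport, dport):
        l4 = struct.pack("!HH", sport, dport) + bytes(16)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = struct.pack("!HHIHBB8s", 0x0800, 0, 2, 1, 0, 6, bytes(8)) + ip + l4
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    web = record(6, "172.17.0.2", "172.17.0.3", 40000, 80)
    dns = record(17, "172.17.0.2", "172.17.0.1", 53000, 53)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 276) + web + web + dns
```

Call summarize_pcap(open("dump.pcap", "rb").read()) on a real capture, or summarize_pcap(sample_capture()) to see the output shape without Docker.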