0

How to capture traffic from a Docker container?

I'm trying to follow the instructions in this answer over on stackexchange: https://stackoverflow.com/a/48386901/...

However, after creating and starting a docker container (step 2), I still don't see any interface that I could assume would correspond to that docker container.

As a test, I pinged a random website from the docker container, and went through all my interfaces in wireshark to see if I could find it. I couldn't. For details on that, please see this post I made on stack exchange https://superuser.com/questions/16856...

Why can't I see any interface corresponding to my docker container on wireshark?

Some background: The whole reason for this is that I want to set up a super secure way of using voip calling. Based on my limited understanding, I believe the best way to do this is to run the program inside a docker container so that it's isolated from my main system. Before I use it to actually communicate with others, I want to get a better understanding of all the data that's going in and out of the program (i.e. if there is any personally identifying data) by using wireshark to analyze packets. Please let me know if there's an easier way, or if I'm going about this the wrong way.

bartho
asked 2021-11-04 17:33:48 +0000

2 Answers

0

You could try using something like this https://hub.docker.com/r/nicolaka/net.... To capture the traffic from a docker container you need to connect to its network namespace so you can tap into the docker container network traffic. To accomplish that you could run the netshoot container. You can run something like docker run -it --rm --net container:container_name nicolaka/netshoot tcpdump. That command will bind the netshoot container to the network namespace of the container that is running your VoIP service and through tcpdump it will capture all of its traffic. Hope that helps.

julscampa
answered 2021-11-05 15:12:23 +0000
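
The question of which host interface belongs to a container, and the namespace-joining capture described in the answer above, as an added example that is not part of the original posts. It uses nsenter on the host rather than the netshoot image, and assumes a Linux host, Docker's default bridge networking (container interface eth0) and root privileges; the function names are illustrative.

```sh
#!/bin/sh
# Added example: map a container to its host-side veth, then capture.
# Assumes a Linux host, bridge networking (container interface eth0), root,
# and docker, nsenter, ip and tcpdump installed on the host.

# Extract the peer ifindex N from `ip -o link` output like "6: eth0@if7: ...".
peer_ifindex() {
    sed -n 's/^[0-9][0-9]*: [^@: ]*@if\([0-9][0-9]*\):.*/\1/p'
}

# Print the interface under SYSFS_NET_DIR ($2, default /sys/class/net) whose
# ifindex equals $1, i.e. the host end of the veth pair; status 1 if none.
host_veth_for() (
    net_dir=${2:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -r "$dev/ifindex" ] || continue
        if [ "$(cat "$dev/ifindex")" = "$1" ]; then
            basename "$dev"
            exit 0
        fi
    done
    exit 1
)

# capture_container NAME [PCAP]: report the host veth, then capture inside the
# container's network namespace without adding anything to the container.
capture_container() {
    pid=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
    [ "${pid:-0}" -gt 0 ] || { echo "container $1 is not running" >&2; return 1; }
    # nsenter -n switches only the network namespace, so the host's ip/tcpdump run.
    peer=$(nsenter -t "$pid" -n ip -o link show eth0 | peer_ifindex)
    if [ -n "$peer" ] && veth=$(host_veth_for "$peer"); then
        echo "host-side interface for $1: $veth (selectable in Wireshark)" >&2
    else
        echo "no veth peer found (host networking or Docker Desktop VM?)" >&2
    fi
    nsenter -t "$pid" -n tcpdump -i eth0 -U -w "${2:-container.pcap}"
}

# Run only when a container name is given, e.g.: sudo sh capture.sh voip
if [ "$#" -gt 0 ]; then
    capture_container "$@"
fi
```

The resulting pcap file opens directly in Wireshark; on Docker Desktop the containers live inside a VM, so no matching veth appears on the desktop host.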
0

May I present: the Edgeshark open source project for capturing from containers without having to modify them or do docker exec/docker run CLI "dances"? Just browse and then click.

[Image: start Wireshark container capture from the comfy of your desktop system]

This then transfers you to Wireshark and automatically starts a capture session for your (remote) container.

[Image: live container traffic streaming]

No need to change containers, just deploy Edgeshark and install the Edgeshark extcap plugin.

thediveo
answered 2023-06-22 09:26:55 +0000, updated 2023-06-22 09:28:08 +0000

Comments

Looks like a fresh repository in GitHub. Code has been around a while and is stable?
You might want to include a link over on the Wireshark discord server (link available at top level of this site)
Update: Link added to #developer-den by @grahamb

Chuckc (2023-06-22 09:52:34 +0000)

Edgeshark was originally an internal project that Siemens decided to open source; it has been around for roughly four or five years, IIRC. We consider it stable, with our regional centers using it for one and a half years now with our Industrial Edge platform, and other Siemens-internal users have used it for over three years or so now.

thediveo (2023-06-22 10:49:27 +0000)

Kubernetes is needed, right?

hatvanis (2023-12-13 10:39:58 +0000)

@hatvanis no, Kubernetes isn't needed. Please check out the details here: https://edgeshark.siemens.io

thediveo (2023-12-25 18:45:08 +0000)