This post shows how you can inspect docker containers traffic with tcpdump on linux.
First find the docker names and the mac addresses.
bash $ for c in `sudo docker ps| grep -v CON| awk '{print $1}'`; do sudo docker inspect $c| jq ". |map({ (.Name): .NetworkSettings.Networks[].MacAddress })"; done [ { "/docker-demo_cortex2_1": "02:42:ac:12:00:08" } ] [ { "/docker-demo_consul_1": "02:42:ac:12:00:05" } ] [ { "/docker-demo_prometheus2_1": "02:42:ac:12:00:03" } ] [ { "/docker-demo_cortex3_1": "02:42:ac:12:00:09" } ] [ { "/docker-demo_cortex1_1": "02:42:ac:12:00:06" } ] [ { "/docker-demo_prometheus3_1": "02:42:ac:12:00:04" } ] [ { "/docker-demo_prometheus1_1": "02:42:ac:12:00:02" } ] [ { "/docker-demo_grafana_1": "02:42:ac:12:00:07" } ]
I want to inspect on /docker-demo_cortex1_1 so I list the forward table (fdb)
bash $ /sbin/bridge fdb |grep 02:42:ac:12:00:06 02:42:ac:12:00:06 dev vethee0ca4e master br-f9c7e5b79104This says that the dev `vethee0ca4e` forwards to the master bridge `br-f9c7e5b79104`
List what interfaces are into the system
bash$ sbin/ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 08:00:27:6f:ce:6d brd ff:ff:ff:ff:ff:ff 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default link/ether 02:42:cf:95:1a:17 brd ff:ff:ff:ff:ff:ff 4: br-f9c7e5b79104: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether 02:42:ae:f7:a0:c6 brd ff:ff:ff:ff:ff:ff 28: veth47b30a5@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether b2:23:05:8a:cd:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0 30: veth95ec404@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether ba:41:85:94:67:39 brd ff:ff:ff:ff:ff:ff link-netnsid 1 32: veth246e156@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether 92:26:8e:09:97:af brd ff:ff:ff:ff:ff:ff link-netnsid 2 34: veth426ba55@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether 6a:c0:12:86:30:0f brd ff:ff:ff:ff:ff:ff link-netnsid 5 38: veth91e2bee@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether de:53:75:37:b0:88 brd ff:ff:ff:ff:ff:ff link-netnsid 6 40: veth9199c33@if39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether e2:d1:fa:61:83:cd brd ff:ff:ff:ff:ff:ff link-netnsid 3 42: vethdb6a7ca@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether ea:51:60:cc:6f:e8 brd ff:ff:ff:ff:ff:ff link-netnsid 4 44: vethee0ca4e@if43: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f9c7e5b79104 state UP mode DEFAULT group default link/ether ca:b1:72:d1:c7:e2 brd ff:ff:ff:ff:ff:ff link-netnsid 7As you can see the interface that I want to inspect is listed as 44.
At this point just start a tcpdump on the interface
bash$ sudo tcpdump -nvv -s0 -A -i vethee0ca4eIn case you have multiple bridges configured onto the system it will help to fist find the master bridge you want to find.
bash$ sudo docker network ls NETWORK ID NAME DRIVER SCOPE bedcfa44fe2b bridge bridge local f9c7e5b79104 docker-demo_cortex_network bridge local 0d3a96789a7f host host local 1ecffcd51252 none null local
0 comments:
Post a Comment