Mon, Jul 27, 2015docker pcap4j
Table of Contents
2 days ago, I posted an article How to capture packets on a local network with Pcap4J container.
Today, I was reading Docker Docs and found another way to do it. I’m writing about it here.
–net option for docker run
When we start a docker container we use
docker run command. It accepts some options.
--net is one of them, which is to set a network mode for a container.
--net takes are
bridge is the default mode where containers connect to the virtual Ethernet bridge
What I use in this article is
host mode. If it’s specified containers use the host network stack,
which means Pcap4J on a container with the
host mode can see network interfaces on its host and sniff network traffic via them directly.
This sounds easy. And more, according to the Docker Docs, the
host mode gives significantly better networking performance than the
bridge mode. But instead,
host is insecure. (See Docker Docs - Mode: host for the details.)
What I did
In the same environment with 2 days ago, I did the followings:
Start a Pcap4J container with the network mode set to host
# docker run --name pcap4j-hostnet --net=host kaitoy/pcap4j:latest
The above command create a container named
pcap4j-hostnetfrom the image
/bin/sh /usr/local/src/pcap4j/bin/capture.sh eth0 falsein the container. The
capture.shstarts packet capturing on
eth0using Pcap4J. This
eth0is the interface of the docker host mashine because the network mode is set to
What a easy way.