Small Docker container to sniff the traffic of any other Docker container with tcpdump
docker run --rm -v "$(pwd)":/dump --tty --net=container:<container_name> lissy93/tcpdump tcpdump -i any -w /dump/dump.pcap
Where <container_name> is the running container you would like to analyze, and dump.pcap is the output filename.
Once you've finished capturing traffic, open the pcap file in Wireshark or your favorite packet analyzer.
You can also append any other tcpdump commands with docker run lissy93/tcpdump tcpdump [commands].
The container is published on DockerHub under lissy93/tcpdump, or you can build and run the Dockerfile yourself.
© Alicia Sykes 2022
Licensed under MIT