{"id":24571071,"url":"https://github.com/shaded-enmity/docker-network-capture","last_synced_at":"2025-08-27T02:12:41.635Z","repository":{"id":57423290,"uuid":"70715402","full_name":"shaded-enmity/docker-network-capture","owner":"shaded-enmity","description":"Capture network traffic of a running container","archived":false,"fork":false,"pushed_at":"2016-11-29T15:33:55.000Z","size":46,"stargazers_count":13,"open_issues_count":1,"forks_count":8,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-04-23T00:45:31.112Z","etag":null,"topics":["capture","debugging","docker","network","traffic"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shaded-enmity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-12T15:45:53.000Z","updated_at":"2022-05-29T20:26:19.000Z","dependencies_parsed_at":"2022-09-05T11:10:49.514Z","dependency_job_id":null,"html_url":"https://github.com/shaded-enmity/docker-network-capture","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaded-enmity%2Fdocker-network-capture","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaded-enmity%2Fdocker-network-capture/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaded-enmity%2Fdocker-network-capture/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaded-enmity%2Fdocker-network-capture/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shaded-enmity","download_url":"https://codeload.github.com/shaded-enmity/docker-network-capture/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250348873,"owners_count":21415907,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capture","debugging","docker","network","traffic"],"created_at":"2025-01-23T17:59:10.180Z","updated_at":"2025-04-23T00:45:37.640Z","avatar_url":"https://github.com/shaded-enmity.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-network-capture\n\nA small utility written in Python3 that can help you debug network problems of Docker containers.\n\n## Prerequisites\n\nMake sure you have `tcpdump` package installed, the execution requires root privileges\n\n## Installation\n\nVia PIP:\n```\n$ pip3 install docker-network-capture\n```\n\n## Usage\n\n```\nusage: docker-network-capture [-h] [--verbose] [-b BRIDGE] [-c CAPTURE] [-j]\n                              [-d DOCKER]\n                              container\n\npositional arguments:\n  container\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --verbose\n  -b BRIDGE, --bridge BRIDGE\n                        Docker bridge to use\n  -c CAPTURE, --capture CAPTURE\n                        Direction of traffic to capture [egress,ingress]\n  -j, --json            buffer data and output JSON at the end\n  -d DOCKER, --docker DOCKER\n```\n\n## Architecture \u0026 Security\n\n![DNC ARCHITECTURE](https://github.com/shaded-enmity/docker-network-capture/blob/master/media/dnc_architecture.jpg \"DNC ARCHITECTURE\")\n\nThe main process starts off as `root` and creates two pipeline producers, one for the ethernet interface of the container and one for the namespaced loopback interface. Each pipeline launches it's own `tcpdump` capture process, after that is done, the main process deprivileges itself by changing it's UID/GID/Groups settings to nobody. After the `tcpdump` process is ready, a new process is forked, which is immediately deprivileged in the same way as the main process, and this process then handles the the parsing of raw byte stream into packets via PCAP and feeding them back to the main process via the `Queue`.\n\n## Example\n\nIn the following example we see the output of `docker-network-capture` for a container\nin which `curl google.com` was executed:\n\n```\n$ sudo docker-network-capture --capture=egress,ingress 92707a5e8369\nOUT: 10.38.5.26:53\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 2F 59 01 00 00 01 00 00 00 00 00 00 06 67 6F 6F |/Y...........goo|\n| 67 6C 65 03 63 6F 6D 00 00 01 00 01             |gle.com.....    |\n+-------------------------------------------------+----------------+\nOUT: 10.38.5.26:53\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| CE B8 01 00 00 01 00 00 00 00 00 00 06 67 6F 6F |.............goo|\n| 67 6C 65 03 63 6F 6D 00 00 1C 00 01             |gle.com.....    |\n+-------------------------------------------------+----------------+\nIN:  10.38.5.26:53\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 2F 59 81 80 00 01 00 01 00 00 00 00 06 67 6F 6F |/Y...........goo|\n| 67 6C 65 03 63 6F 6D 00 00 01 00 01 C0 0C 00 01 |gle.com.........|\n| 00 01 00 00 00 99 00 04 D8 3A D0 2E             |.........:..    |\n+-------------------------------------------------+----------------+\nIN:  10.38.5.26:53\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| CE B8 81 80 00 01 00 01 00 00 00 00 06 67 6F 6F |.............goo|\n| 67 6C 65 03 63 6F 6D 00 00 1C 00 01 C0 0C 00 1C |gle.com.........|\n| 00 01 00 00 00 99 00 10 2A 00 14 50 40 01 08 15 |........*..P@...|\n| 00 00 00 00 00 00 20 0E                         |...... .        |\n+-------------------------------------------------+----------------+\nOUT: 216.58.208.46:80\nIN:  216.58.208.46:80\nOUT: 216.58.208.46:80\nOUT: 216.58.208.46:80\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A |GET / HTTP/1.1..|\n| 48 6F 73 74 3A 20 67 6F 6F 67 6C 65 2E 63 6F 6D |Host: google.com|\n| 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 63 75 |..User-Agent: cu|\n| 72 6C 2F 37 2E 34 37 2E 31 0D 0A 41 63 63 65 70 |rl/7.47.1..Accep|\n| 74 3A 20 2A 2F 2A 0D 0A 0D 0A                   |t: */*....      |\n+-------------------------------------------------+----------------+\nIN:  216.58.208.46:80\nIN:  216.58.208.46:80\n  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 48 54 54 50 2F 31 2E 31 20 33 30 32 20 46 6F 75 |HTTP/1.1 302 Fou|\n| 6E 64 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F |nd..Cache-Contro|\n| 6C 3A 20 70 72 69 76 61 74 65 0D 0A 43 6F 6E 74 |l: private..Cont|\n| 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 68 |ent-Type: text/h|\n| 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D 55 54 46 |tml; charset=UTF|\n| 2D 38 0D 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 |-8..Location: ht|\n| 74 70 3A 2F 2F 77 77 77 2E 67 6F 6F 67 6C 65 2E |tp://www.google.|\n| 63 7A 2F 3F 67 66 65 5F 72 64 3D 63 72 26 65 69 |cz/?gfe_rd=cr\u0026ei|\n| 3D 50 72 63 45 57 49 4F 64 49 34 4C 62 38 41 66 |=PrcEWIOdI4Lb8Af|\n| 52 34 62 76 67 44 51 0D 0A 43 6F 6E 74 65 6E 74 |R4bvgDQ..Content|\n| 2D 4C 65 6E 67 74 68 3A 20 32 35 38 0D 0A 44 61 |-Length: 258..Da|\n| 74 65 3A 20 4D 6F 6E 2C 20 31 37 20 4F 63 74 20 |te: Mon, 17 Oct |\n| 32 30 31 36 20 31 31 3A 33 34 3A 32 32 20 47 4D |2016 11:34:22 GM|\n| 54 0D 0A 0D 0A 3C 48 54 4D 4C 3E 3C 48 45 41 44 |T....\u003cHTML\u003e\u003cHEAD|\n| 3E 3C 6D 65 74 61 20 68 74 74 70 2D 65 71 75 69 |\u003e\u003cmeta http-equi|\n| 76 3D 22 63 6F 6E 74 65 6E 74 2D 74 79 70 65 22 |v=\"content-type\"|\n| 20 63 6F 6E 74 65 6E 74 3D 22 74 65 78 74 2F 68 | content=\"text/h|\n| 74 6D 6C 3B 63 68 61 72 73 65 74 3D 75 74 66 2D |tml;charset=utf-|\n| 38 22 3E 0A 3C 54 49 54 4C 45 3E 33 30 32 20 4D |8\"\u003e.\u003cTITLE\u003e302 M|\n| 6F 76 65 64 3C 2F 54 49 54 4C 45 3E 3C 2F 48 45 |oved\u003c/TITLE\u003e\u003c/HE|\n| 41 44 3E 3C 42 4F 44 59 3E 0A 3C 48 31 3E 33 30 |AD\u003e\u003cBODY\u003e.\u003cH1\u003e30|\n| 32 20 4D 6F 76 65 64 3C 2F 48 31 3E 0A 54 68 65 |2 Moved\u003c/H1\u003e.The|\n| 20 64 6F 63 75 6D 65 6E 74 20 68 61 73 20 6D 6F | document has mo|\n| 76 65 64 0A 3C 41 20 48 52 45 46 3D 22 68 74 74 |ved.\u003cA HREF=\"htt|\n| 70 3A 2F 2F 77 77 77 2E 67 6F 6F 67 6C 65 2E 63 |p://www.google.c|\n| 7A 2F 3F 67 66 65 5F 72 64 3D 63 72 26 61 6D 70 |z/?gfe_rd=cr\u0026amp|\n| 3B 65 69 3D 50 72 63 45 57 49 4F 64 49 34 4C 62 |;ei=PrcEWIOdI4Lb|\n| 38 41 66 52 34 62 76 67 44 51 22 3E 68 65 72 65 |8AfR4bvgDQ\"\u003ehere|\n| 3C 2F 41 3E 2E 0D 0A 3C 2F 42 4F 44 59 3E 3C 2F |\u003c/A\u003e...\u003c/BODY\u003e\u003c/|\n| 48 54 4D 4C 3E 0D 0A                            |HTML\u003e..         |\n+-------------------------------------------------+----------------+\nOUT: 216.58.208.46:80\nOUT: 216.58.208.46:80\nIN:  216.58.208.46:80\nOUT: 216.58.208.46:80\n```\n\nAnd here's the same request but with a JSON formatted output:\n\n```\n[\n   {\n      \"payload\": \"5be60100000100000000000006676f6f676c6503636f6d0000010001\",\n      \"src_port\": \"36838\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"10.38.5.26\",\n      \"dst_port\": \"53\"\n   },\n   {\n      \"payload\": \"1dd30100000100000000000006676f6f676c6503636f6d00001c0001\",\n      \"src_port\": \"36838\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"10.38.5.26\",\n      \"dst_port\": \"53\"\n   },\n   {\n      \"payload\": \"5be68180000100010000000006676f6f676c6503636f6d0000010001c00c00010001000000890004d83ad02e\",\n      \"src_port\": \"53\",\n      \"interface\": \"docker0\",\n      \"src\": \"10.38.5.26\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"36838\"\n   },\n   {\n      \"payload\": \"1dd38180000100010000000006676f6f676c6503636f6d00001c0001c00c001c00010000008900102a00145040010815000000000000200e\",\n      \"src_port\": \"53\",\n      \"interface\": \"docker0\",\n      \"src\": \"10.38.5.26\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"36838\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"80\",\n      \"interface\": \"docker0\",\n      \"src\": \"216.58.208.46\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"46094\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   },\n   {\n      \"payload\": \"474554202f20485454502f312e310d0a486f73743a20676f6f676c652e636f6d0d0a557365722d4167656e743a206375726c2f372e34372e310d0a4163636570743a202a2f2a0d0a0d0a\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"80\",\n      \"interface\": \"docker0\",\n      \"src\": \"216.58.208.46\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"46094\"\n   },\n   {\n      \"payload\": \"485454502f312e312033303220466f756e640d0a43616368652d436f6e74726f6c3a20707269766174650d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d5554462d380d0a4c6f636174696f6e3a20687474703a2f2f7777772e676f6f676c652e637a2f3f6766655f72643d63722665693d54726345574e7a5247596a6238416648376f4b6f42510d0a436f6e74656e742d4c656e6774683a203235380d0a446174653a204d6f6e2c203137204f637420323031362031313a33343a333820474d540d0a0d0a3c48544d4c3e3c484541443e3c6d65746120687474702d65717569763d22636f6e74656e742d747970652220636f6e74656e743d22746578742f68746d6c3b636861727365743d7574662d38223e0a3c5449544c453e333032204d6f7665643c2f5449544c453e3c2f484541443e3c424f44593e0a3c48313e333032204d6f7665643c2f48313e0a54686520646f63756d656e7420686173206d6f7665640a3c4120485245463d22687474703a2f2f7777772e676f6f676c652e637a2f3f6766655f72643d637226616d703b65693d54726345574e7a5247596a6238416648376f4b6f4251223e686572653c2f413e2e0d0a3c2f424f44593e3c2f48544d4c3e0d0a\",\n      \"src_port\": \"80\",\n      \"interface\": \"docker0\",\n      \"src\": \"216.58.208.46\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"46094\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"80\",\n      \"interface\": \"docker0\",\n      \"src\": \"216.58.208.46\",\n      \"dst\": \"172.17.0.2\",\n      \"dst_port\": \"46094\"\n   },\n   {\n      \"payload\": \"\",\n      \"src_port\": \"46094\",\n      \"interface\": \"docker0\",\n      \"src\": \"172.17.0.2\",\n      \"dst\": \"216.58.208.46\",\n      \"dst_port\": \"80\"\n   }\n]\n\n```\n\n## License\n\nGNU/GPL 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshaded-enmity%2Fdocker-network-capture","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshaded-enmity%2Fdocker-network-capture","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshaded-enmity%2Fdocker-network-capture/lists"}