tcpdump is a networking utility that prints out a description of the contents of packets on a network interface.
For Kaazing demos and tutorials, this container will let you capture network traffic that occurs inside the docker containers for analysis with Wireshark. You can save a dumpfile to open in Wireshark after the fact, or you can monitor the traffic in real time with Wireshark.
- Start your Docker containers or Docker Compose suite in the normal way.

- Then start the container to capture network traffic:

      $ docker run --rm --net=host -v $PWD/tcpdump:/tcpdump kaazing/tcpdump

  This will save network traffic in tcpdump/tcpdump.pcap of the current directory. If you want to save to a different location, change the $PWD/tcpdump volume to a directory where you'd like the dumpfile to be saved. On Linux and Mac you can use $PWD to refer to the current directory. Docker expects an absolute path here, which is why you can't use ./ .

- You can watch the traffic live in Wireshark using the following command as you run your scenario. This will open Wireshark, where you can see the packets, apply filters, etc.:

      tail -c +1 -f tcpdump/tcpdump.pcap | wireshark -k -i -

  Alternatively, you can simply open tcpdump/tcpdump.pcap as a file using Wireshark after you have finished capturing.

- Add the following service to your docker-compose.yml file.

      tcpdump:
        image: kaazing/tcpdump
        network_mode: "host"
        volumes:
          - ./tcpdump:/tcpdump

- Start your Docker Compose suite. The tcpdump service will save network traffic in tcpdump/tcpdump.pcap of the current directory.

- You can watch the traffic live in Wireshark using the following command as you run your scenario. This will open Wireshark, where you can see the packets, apply filters, etc.:

      tail -c +1 -f tcpdump/tcpdump.pcap | wireshark -k -i -

  Alternatively, you can simply open tcpdump/tcpdump.pcap as a file using Wireshark after you have finished capturing.

You can specify your own parameters, overriding the default.

With docker run, specify your parameters after the image name:

    docker run --rm --net=host -v $PWD/tcpdump:/tcpdump kaazing/tcpdump -v -i any -w myapp.pcap

With Docker Compose, add the command tag with your parameters to the service:

    tcpdump:
      image: kaazing/tcpdump
      network_mode: "host"
      volumes:
        - ./tcpdump:/tcpdump
      command: [ "-C", "100", "-W", "2", "-v", "-i", "any", "-w", "/tcpdump/myapp.pcap" ]
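
A quick check that a dumpfile such as tcpdump/tcpdump.pcap is intact before analysis, as an added example (not part of the kaazing/tcpdump image or its documentation): it walks the classic pcap layout, counts packets, and flags a file that ends mid-record, which can happen when the file is copied while the container is still writing. The function names and the sample bytes are constructed for illustration, and the code assumes the classic pcap format rather than pcapng.

```python
import struct
import sys

# Classic pcap magic numbers as seen when the first four bytes are read little-endian.
MAGICS = {
    0xA1B2C3D4: ("<", "microsecond"),
    0xD4C3B2A1: (">", "microsecond"),
    0xA1B23C4D: ("<", "nanosecond"),
    0x4D3CB2A1: (">", "nanosecond"),
}

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic pcap byte string and report what it holds."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, resolution = MAGICS[magic]
    _, _, _, _, snaplen, linktype = struct.unpack_from(order + "HHiIII", data, 4)
    offset, packets, clipped, truncated = 24, 0, 0, False
    while offset < len(data):
        # Each record is a 16-byte header followed by incl_len captured bytes.
        if offset + 16 > len(data):
            truncated = True
            break
        _, _, incl_len, orig_len = struct.unpack_from(order + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            truncated = True  # file ends mid-record, e.g. copied while still being written
            break
        packets += 1
        clipped += incl_len < orig_len  # packet was longer than the snapshot length
        offset += 16 + incl_len
    return {"resolution": resolution, "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "clipped": clipped, "truncated_tail": truncated}

def sample_capture() -> bytes:
    """Constructed sample (not real traffic): two 4-byte records, linktype 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    rec1 = struct.pack("<IIII", 1700000000, 0, 4, 4) + b"\x00" * 4
    rec2 = struct.pack("<IIII", 1700000001, 0, 4, 60) + b"\x00" * 4
    return header + rec1 + rec2

if __name__ == "__main__":
    # Pass a dumpfile path (e.g. tcpdump/tcpdump.pcap); without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(summarize_pcap(fh.read()))
    else:
        print(summarize_pcap(sample_capture()))
        print(summarize_pcap(sample_capture()[:-3]))
```

A nonzero clipped count means some packets were cut at the snapshot length, and truncated_tail set to True means the last record is incomplete and the file should be copied again once the capture has stopped.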