  • View and manage network connections established by a Docker container.

    Often while working with a Docker container, we need to look at the network connections being used by the container for initial debugging or troubleshooting purposes. You may want to see which IP is listening on a port or how many connections are currently active in the container.

    Since a Docker container is an isolated environment, running netstat on the host won’t show you the container’s network connections. Instead, you have to either get inside the container to run netstat or run it remotely.

    Let’s see both options…

    # 1. Getting inside Docker container to run netstat

    As a first step, find the Container ID of the container that you want to troubleshoot.

    $ docker ps
    CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                NAMES
    0ce7cfb9be37   nginx     "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes   0.0.0.0:80->80/tcp   web-server
    4ab8551671d7   nginx     "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes   80/tcp               vigilant_ganguly
    $

    Here the one I want to troubleshoot is the container with ID 0ce7cfb9be37. Now to get a shell (bash) session of this container, use:

    $ docker exec -it 0ce7cfb9be37 bash

    This should land you in a bash prompt inside the container.

    root@0ce7cfb9be37:/#

    By default, netstat may not be available inside the container. It is provided by the net-tools package.

    So to install it, use:

    apt update
    apt install net-tools

    Now, we can use the netstat command as usual.

    # netstat -an

    Output:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
    tcp        0      0 172.17.0.3:80           223.233.99.46:64429     FIN_WAIT2
    tcp        0      0 172.17.0.3:80           223.233.99.46:4811      ESTABLISHED
    tcp        0      0 172.17.0.3:80           223.233.99.46:64430     FIN_WAIT2
    tcp        0      0 172.17.0.3:80           223.233.99.46:4810      ESTABLISHED
    tcp6       0      0 :::80                   :::*                    LISTEN
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  3      [ ]         STREAM     CONNECTED     35748
    unix  3      [ ]         STREAM     CONNECTED     35749

    As you can see from the above output, established connections with their source and destination addresses are listed. To see processes listening on ports, you can use:

    # netstat -tulnp

    Output:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/nginx: master pro
    tcp6       0      0 :::80                   :::*                    LISTEN      1/nginx: master pro

    # 2. Run netstat without getting inside the container

    First things first: get the container ID with the docker ps command.

    # docker ps
    CONTAINER ID   IMAGE                      COMMAND                  CREATED      STATUS      PORTS                    NAMES
    e5db9a01d4a8   postgres:13.1-alpine       "docker-entrypoint.s…"   9 days ago   Up 9 days   0.0.0.0:5432->5432/tcp   relicflare_server_postgres
    #

    Then run the docker exec command below to list all the established connections for the container.

    docker exec e5db9a01d4a8 netstat | grep ESTABLISHED

    This produces output like the following.

    # docker exec e5db9a01d4a8 netstat | grep ESTABLISHED
    tcp        0      0 e5db9a01d4a8:postgresql 161.35.XXX.XXX:49128    ESTABLISHED
    udp        0      0 localhost:48818         localhost:48818         ESTABLISHED
    #

    So the idea is to run the netstat command along with the docker exec command.
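
The questions raised in the introduction (how many connections are active, which address is listening on a port) can be answered by filtering the netstat output with awk. The following is an added example, not part of the original article; the function names are hypothetical, and the embedded sample is constructed from the netstat -an output shown in section 1.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): summarise `netstat -an`
# output taken from a container, e.g.
#   docker exec 0ce7cfb9be37 netstat -an | count_by_state

# Constructed sample: rows copied from the netstat -an output in section 1.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 172.17.0.3:80           223.233.99.46:64429     FIN_WAIT2
tcp        0      0 172.17.0.3:80           223.233.99.46:4811      ESTABLISHED
tcp        0      0 172.17.0.3:80           223.233.99.46:64430     FIN_WAIT2
tcp        0      0 172.17.0.3:80           223.233.99.46:4810      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  3      [ ]         STREAM     CONNECTED     35748
EOF
}

# Number of TCP sockets in each state (UDP and UNIX rows are skipped).
count_by_state() {
  awk '$1 ~ /^tcp6?$/ { n[$6]++ }
       END { for (s in n) print s, n[s] }' | sort
}

# ESTABLISHED connections per remote address (port removed), busiest first.
established_by_peer() {
  awk '$1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" {
         peer = $5; sub(/:[^:]*$/, "", peer); n[peer]++ }
       END { for (p in n) print n[p], p }' | sort -rn
}

# Listeners bound to every interface (0.0.0.0 or ::) rather than one address.
wildcard_listeners() {
  awk '$1 ~ /^tcp6?$/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):/ { print $1, $4 }'
}

# Demo on the constructed sample.
sample_netstat | count_by_state
sample_netstat | established_by_peer
sample_netstat | wildcard_listeners
```

Against a live container, pipe the output of docker exec with netstat -an into any of these functions; keep -n so that peers stay numeric instead of being shown as resolved names, as in the second output above.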

    # Conclusion

    Now that you have the required connection details, you can proceed with your troubleshooting by looking further at the Docker and process logs.