Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In DevOps Last updated: November 1, 2022
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

View and manage network connections established by a Docker container.

Often while working with a Docker container, we need to look at the network connections being used by the container for initial debugging or troubleshooting purposes. You may want to see which IP is listening on a port or how many connections are currently active in the container.

Since a Docker is an isolated environment, running netstat on a server won’t give you network connections of the container. Instead, you have to either get inside a container to run the netstat or run it remotely.

Let’s see both options…

# 1. Getting inside Docker container to run netstat

As a first step, find the Container ID of the container that you want to troubleshoot.

$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                NAMES
0ce7cfb9be37   nginx     "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes>80/tcp   web-server
4ab8551671d7   nginx     "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes   80/tcp               vigilant_ganguly

Here the one I want to troubleshoot is the container with ID 0ce7cfb9be37. Now to get a shell (bash) session of this container, use:

$ docker exec -it 0ce7cfb9be37 bash

This should land you in a bash prompt inside the container.


You can install the netstat package to look for established network connections. By default, these utilities may not be available inside the container.

So to install it, use:

apt update
apt install net-tools

Now, we can use the netstat command as usual.

# netstat -an


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0    *               LISTEN
tcp        0      0      FIN_WAIT2
tcp        0      0       ESTABLISHED
tcp        0      0      FIN_WAIT2
tcp        0      0       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  3      [ ]         STREAM     CONNECTED     35748
unix  3      [ ]         STREAM     CONNECTED     35749

As you can see from the above output, established connections with their source and destination addresses are listed. To see processes listening on ports, you can use:

# netstat -tulnp


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0    *               LISTEN      1/nginx: master pro
tcp6       0      0 :::80                   :::*                    LISTEN      1/nginx: master pro

# 2. Run netstat without getting inside the container

First thing first, we need to get the container ID with the docker ps command.

[root@relicflare-shared-services ~]# docker ps
CONTAINER ID   IMAGE                      COMMAND                  CREATED      STATUS      PORTS                    NAMES
e5db9a01d4a8   postgres:13.1-alpine       "docker-entrypoint.s…"   9 days ago   Up 9 days>5432/tcp   relicflare_server_postgres
[root@relicflare-shared-services ~]#

And, then run the docker command as below to find out all the established connections for the container.

docker exec e5db9a01d4a8 netstat |grep ESTABLISHED 

This would result something like below.

[root@relicflare-shared-services ~]# docker exec e5db9a01d4a8 netstat | grep ESTABLISHED
tcp        0      0 e5db9a01d4a8:postgresql 161.35.XXX.XXX:49128    ESTABLISHED 
udp        0      0 localhost:48818         localhost:48818         ESTABLISHED 
[root@relicflare-shared-services ~]# 

So the idea is to run the netstat command along with the docker exec command.


Now you have the required connection details, you can proceed with your troubleshooting by looking further at docker and process logs.

  • Abhishek Nair
Thanks to our Sponsors
More great readings on DevOps
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder