{ "info": { "author": "Pavel Odvody", "author_email": "podvody@redhat.com", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python :: 3 :: Only" ], "description": "# docker-network-capture\n\nA small utility written in Python3 that can help you debug network problems of Docker containers.\n\n## Prerequisites\n\nMake sure you have `tcpdump` package installed, the execution requires root privileges\n\n## Installation\n\nVia PIP:\n```\n$ pip3 install docker-network-capture\n```\n\n## Usage\n\n```\nusage: docker-network-capture [-h] [--verbose] [-b BRIDGE] [-c CAPTURE] [-j]\n [-d DOCKER]\n container\n\npositional arguments:\n container\n\noptional arguments:\n -h, --help show this help message and exit\n --verbose\n -b BRIDGE, --bridge BRIDGE\n Docker bridge to use\n -c CAPTURE, --capture CAPTURE\n Direction of traffic to capture [egress,ingress]\n -j, --json buffer data and output JSON at the end\n -d DOCKER, --docker DOCKER\n```\n\n## Architecture & Security\n\n![DNC ARCHITECTURE](https://github.com/shaded-enmity/docker-network-capture/blob/master/media/dnc_architecture.jpg \"DNC ARCHITECTURE\")\n\nThe main process starts off as `root` and creates two pipeline producers, one for the ethernet interface of the container and one for the namespaced loopback interface. Each pipeline launches it's own `tcpdump` capture process, after that is done, the main process deprivileges itself by changing it's UID/GID/Groups settings to nobody. After the `tcpdump` process is ready, a new process is forked, which is immediately deprivileged in the same way as the main process, and this process then handles the the parsing of raw byte stream into packets via PCAP and feeding them back to the main process via the `Queue`.\n\n## Example\n\nIn the following example we see the output of `docker-network-capture` for a container\nin which `curl google.com` was executed:\n\n```\n$ sudo docker-network-capture --capture=egress,ingress 92707a5e8369\nOUT: 10.38.5.26:53\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 2F 59 01 00 00 01 00 00 00 00 00 00 06 67 6F 6F |/Y...........goo|\n| 67 6C 65 03 63 6F 6D 00 00 01 00 01 |gle.com..... |\n+-------------------------------------------------+----------------+\nOUT: 10.38.5.26:53\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| CE B8 01 00 00 01 00 00 00 00 00 00 06 67 6F 6F |.............goo|\n| 67 6C 65 03 63 6F 6D 00 00 1C 00 01 |gle.com..... |\n+-------------------------------------------------+----------------+\nIN: 10.38.5.26:53\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 2F 59 81 80 00 01 00 01 00 00 00 00 06 67 6F 6F |/Y...........goo|\n| 67 6C 65 03 63 6F 6D 00 00 01 00 01 C0 0C 00 01 |gle.com.........|\n| 00 01 00 00 00 99 00 04 D8 3A D0 2E |.........:.. |\n+-------------------------------------------------+----------------+\nIN: 10.38.5.26:53\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| CE B8 81 80 00 01 00 01 00 00 00 00 06 67 6F 6F |.............goo|\n| 67 6C 65 03 63 6F 6D 00 00 1C 00 01 C0 0C 00 1C |gle.com.........|\n| 00 01 00 00 00 99 00 10 2A 00 14 50 40 01 08 15 |........*..P@...|\n| 00 00 00 00 00 00 20 0E |...... . |\n+-------------------------------------------------+----------------+\nOUT: 216.58.208.46:80\nIN: 216.58.208.46:80\nOUT: 216.58.208.46:80\nOUT: 216.58.208.46:80\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A |GET / HTTP/1.1..|\n| 48 6F 73 74 3A 20 67 6F 6F 67 6C 65 2E 63 6F 6D |Host: google.com|\n| 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 63 75 |..User-Agent: cu|\n| 72 6C 2F 37 2E 34 37 2E 31 0D 0A 41 63 63 65 70 |rl/7.47.1..Accep|\n| 74 3A 20 2A 2F 2A 0D 0A 0D 0A |t: */*.... |\n+-------------------------------------------------+----------------+\nIN: 216.58.208.46:80\nIN: 216.58.208.46:80\n 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15\n+-------------------------------------------------+----------------+\n| 48 54 54 50 2F 31 2E 31 20 33 30 32 20 46 6F 75 |HTTP/1.1 302 Fou|\n| 6E 64 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F |nd..Cache-Contro|\n| 6C 3A 20 70 72 69 76 61 74 65 0D 0A 43 6F 6E 74 |l: private..Cont|\n| 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 68 |ent-Type: text/h|\n| 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D 55 54 46 |tml; charset=UTF|\n| 2D 38 0D 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 |-8..Location: ht|\n| 74 70 3A 2F 2F 77 77 77 2E 67 6F 6F 67 6C 65 2E |tp://www.google.|\n| 63 7A 2F 3F 67 66 65 5F 72 64 3D 63 72 26 65 69 |cz/?gfe_rd=cr&ei|\n| 3D 50 72 63 45 57 49 4F 64 49 34 4C 62 38 41 66 |=PrcEWIOdI4Lb8Af|\n| 52 34 62 76 67 44 51 0D 0A 43 6F 6E 74 65 6E 74 |R4bvgDQ..Content|\n| 2D 4C 65 6E 67 74 68 3A 20 32 35 38 0D 0A 44 61 |-Length: 258..Da|\n| 74 65 3A 20 4D 6F 6E 2C 20 31 37 20 4F 63 74 20 |te: Mon, 17 Oct |\n| 32 30 31 36 20 31 31 3A 33 34 3A 32 32 20 47 4D |2016 11:34:22 GM|\n| 54 0D 0A 0D 0A 3C 48 54 4D 4C 3E 3C 48 45 41 44 |T.....302 M|\n| 6F 76 65 64 3C 2F 54 49 54 4C 45 3E 3C 2F 48 45 |oved.

30|\n| 32 20 4D 6F 76 65 64 3C 2F 48 31 3E 0A 54 68 65 |2 Moved

.The|\n| 20 64 6F 63 75 6D 65 6E 74 20 68 61 73 20 6D 6F | document has mo|\n| 76 65 64 0A 3C 41 20 48 52 45 46 3D 22 68 74 74 |ved.here|\n| 3C 2F 41 3E 2E 0D 0A 3C 2F 42 4F 44 59 3E 3C 2F |..... |\n+-------------------------------------------------+----------------+\nOUT: 216.58.208.46:80\nOUT: 216.58.208.46:80\nIN: 216.58.208.46:80\nOUT: 216.58.208.46:80\n```\n\nAnd here's the same request but with a JSON formatted output:\n\n```\n[\n {\n \"payload\": \"5be60100000100000000000006676f6f676c6503636f6d0000010001\",\n \"src_port\": \"36838\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"10.38.5.26\",\n \"dst_port\": \"53\"\n },\n {\n \"payload\": \"1dd30100000100000000000006676f6f676c6503636f6d00001c0001\",\n \"src_port\": \"36838\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"10.38.5.26\",\n \"dst_port\": \"53\"\n },\n {\n \"payload\": \"5be68180000100010000000006676f6f676c6503636f6d0000010001c00c00010001000000890004d83ad02e\",\n \"src_port\": \"53\",\n \"interface\": \"docker0\",\n \"src\": \"10.38.5.26\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"36838\"\n },\n {\n \"payload\": \"1dd38180000100010000000006676f6f676c6503636f6d00001c0001c00c001c00010000008900102a00145040010815000000000000200e\",\n \"src_port\": \"53\",\n \"interface\": \"docker0\",\n \"src\": \"10.38.5.26\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"36838\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"80\",\n \"interface\": \"docker0\",\n \"src\": \"216.58.208.46\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"46094\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n },\n {\n \"payload\": \"474554202f20485454502f312e310d0a486f73743a20676f6f676c652e636f6d0d0a557365722d4167656e743a206375726c2f372e34372e310d0a4163636570743a202a2f2a0d0a0d0a\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"80\",\n \"interface\": \"docker0\",\n \"src\": \"216.58.208.46\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"46094\"\n },\n {\n \"payload\": \"485454502f312e312033303220466f756e640d0a43616368652d436f6e74726f6c3a20707269766174650d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d5554462d380d0a4c6f636174696f6e3a20687474703a2f2f7777772e676f6f676c652e637a2f3f6766655f72643d63722665693d54726345574e7a5247596a6238416648376f4b6f42510d0a436f6e74656e742d4c656e6774683a203235380d0a446174653a204d6f6e2c203137204f637420323031362031313a33343a333820474d540d0a0d0a3c48544d4c3e3c484541443e3c6d65746120687474702d65717569763d22636f6e74656e742d747970652220636f6e74656e743d22746578742f68746d6c3b636861727365743d7574662d38223e0a3c5449544c453e333032204d6f7665643c2f5449544c453e3c2f484541443e3c424f44593e0a3c48313e333032204d6f7665643c2f48313e0a54686520646f63756d656e7420686173206d6f7665640a3c4120485245463d22687474703a2f2f7777772e676f6f676c652e637a2f3f6766655f72643d637226616d703b65693d54726345574e7a5247596a6238416648376f4b6f4251223e686572653c2f413e2e0d0a3c2f424f44593e3c2f48544d4c3e0d0a\",\n \"src_port\": \"80\",\n \"interface\": \"docker0\",\n \"src\": \"216.58.208.46\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"46094\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"80\",\n \"interface\": \"docker0\",\n \"src\": \"216.58.208.46\",\n \"dst\": \"172.17.0.2\",\n \"dst_port\": \"46094\"\n },\n {\n \"payload\": \"\",\n \"src_port\": \"46094\",\n \"interface\": \"docker0\",\n \"src\": \"172.17.0.2\",\n \"dst\": \"216.58.208.46\",\n \"dst_port\": \"80\"\n }\n]\n\n```\n\n## License\n\nGNU/GPL 2.0\n", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/shaded-enmity/docker-network-capture", "keywords": "docker cli network traffic capture", "license": "GNU/GPLv2", "maintainer": null, "maintainer_email": null, "name": "docker-network-capture", "package_url": "https://pypi.org/project/docker-network-capture/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/docker-network-capture/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/shaded-enmity/docker-network-capture" }, "release_url": "https://pypi.org/project/docker-network-capture/0.7.0/", "requires_dist": null, "requires_python": null, "summary": "Thin wrapper around Docker and tcpdump to get traffic coming from/to a container", "version": "0.7.0" }, "last_serial": 2489932, "releases": { "0.6.1": [ { "comment_text": "", "digests": { "md5": "490d7cc1c296f2886f305d01417a3915", "sha256": "7609929c8ed8f9b854f40d86e5ed83093758af7d575d30f3d62c464037d6d6d2" }, "downloads": -1, "filename": "docker-network-capture-0.6.1.tar.gz", "has_sig": false, "md5_digest": "490d7cc1c296f2886f305d01417a3915", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16721, "upload_time": "2016-10-27T14:56:38", "url": "https://files.pythonhosted.org/packages/77/c5/fc366c6de0bdc1f197e2b7d204aad9226454759849fabd7961975804f299/docker-network-capture-0.6.1.tar.gz" } ], "0.6.2": [ { "comment_text": "", "digests": { "md5": "3db7d1b9608482fb4b163a5d76f3e0e8", "sha256": "6ae0ef715abf649d04569d0862de23fad08bb4ff9a30f6c3fce48bd911e6c023" }, "downloads": -1, "filename": "docker-network-capture-0.6.2.tar.gz", "has_sig": false, "md5_digest": "3db7d1b9608482fb4b163a5d76f3e0e8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16839, "upload_time": "2016-11-22T23:08:21", "url": "https://files.pythonhosted.org/packages/14/43/f79999590c520334db08c319df7bab44ab869a734750e1508b30d9134d3b/docker-network-capture-0.6.2.tar.gz" } ], "0.7.0": [ { "comment_text": "", "digests": { "md5": "d97fad3092c2cc490522c95db99c117c", "sha256": "a55964bc8a4890fee7396c9ab398099873fb32e36abcbfa42752a999765de5a5" }, "downloads": -1, "filename": "docker-network-capture-0.7.0.tar.gz", "has_sig": false, "md5_digest": "d97fad3092c2cc490522c95db99c117c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16832, "upload_time": "2016-11-29T15:34:04", "url": "https://files.pythonhosted.org/packages/aa/fa/2cca0615333f9eaca154281f547d8c781c3f61f9dd80768587cb0b72e7e4/docker-network-capture-0.7.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d97fad3092c2cc490522c95db99c117c", "sha256": "a55964bc8a4890fee7396c9ab398099873fb32e36abcbfa42752a999765de5a5" }, "downloads": -1, "filename": "docker-network-capture-0.7.0.tar.gz", "has_sig": false, "md5_digest": "d97fad3092c2cc490522c95db99c117c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16832, "upload_time": "2016-11-29T15:34:04", "url": "https://files.pythonhosted.org/packages/aa/fa/2cca0615333f9eaca154281f547d8c781c3f61f9dd80768587cb0b72e7e4/docker-network-capture-0.7.0.tar.gz" } ] }