Docker - traffic mirroring

I have 2 different running containers. I'd like to be able to mirror traffic that comes to container #1 into container #2.

Is there a docker command for this?

Traffic mirroring is possible on Linux interfaces; I don't believe Docker provides a method for setting that up, though. The mirroring should work via the veth interfaces Docker sets up for each container, if you add it manually.

Traffic Control

tc allows you to manage traffic in a number of ways, normally used for quality of service type queuing. tc also provides a mirror action. The following matches all inbound and outbound traffic and mirrors it to another interface.

# tc takes the bare interface name; the @ifN suffix is only how `ip link` displays the peer index
# inbound: attach an ingress qdisc and mirror everything it sees
tc qdisc add dev vethb692b75 ingress
tc filter add dev vethb692b75 parent ffff: \
   protocol all prio 2 u32 \
   match u32 0 0 flowid 1:1 \
   action mirred egress mirror dev veth4305fdd

# outbound: replace the root qdisc with prio and mirror from it
tc qdisc replace dev vethb692b75 parent root handle 10: prio
tc filter add dev vethb692b75 parent 10: \
   protocol all prio 2 u32 \
   match u32 0 0 flowid 10:1 \
   action mirred egress mirror dev veth4305fdd

IP Tables

iptables can forward cloned packets to a routable host. This would normally be used to mirror traffic to an external host.

# PREROUTING matches on the input interface (-i), POSTROUTING on the output interface (-o)
iptables -t mangle -I PREROUTING -i vethb692b75 -j TEE --gateway <monitor_ip>
iptables -t mangle -I POSTROUTING -o vethb692b75 -j TEE --gateway <monitor_ip>

tcpdump

As most network monitoring software in the Linux world deals in tcpdump, you may also be able to tcpdump the interface from the host into a fifo that is mounted into your monitoring container.

mkfifo /tmp/remotecapture.fifo
# run tcpdump in the background: opening the fifo for writing blocks until the reader starts
tcpdump -s 0 -n -w - -U -i vethb692b75 > /tmp/remotecapture.fifo &
docker run -v /tmp/remotecapture.fifo:/tmp/remotecapture.fifo <image> netmonitor -f /tmp/remotecapture.fifo

Notes

The veth names are assigned at each container startup, so capturing would need to be part of your container start/stop process. You want to remove any rules on a container stop.

In the cases where traffic is forwarded somewhere, the recipient container/host should not be routing any of these packets back or to their original destination.
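
One way to script the start/stop step described in the notes above (an added example, not part of the original answer): it resolves a container's host-side veth from the ifindex in the container's `iflink` file and prints the tc mirror rules, or the commands that remove them. The function names, the `SYSFS_NET` override, and the assumption that the container's interface is `eth0` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer). Prints tc commands; pipe to sh as root.
# Assumption: the container's interface is eth0 and its image ships `cat`.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the lookup can be tested

# `ip link` shows veths as name@ifN; tc wants the bare name (max 15 chars).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the host interface whose ifindex equals the given number.
host_veth_for_iflink() {
    for v_dir in "$SYSFS_NET"/*; do
        [ -r "$v_dir/ifindex" ] || continue
        if [ "$(cat "$v_dir/ifindex")" = "$1" ]; then
            echo "${v_dir##*/}"
            return 0
        fi
    done
    return 1
}

# eth0's iflink inside the container is the ifindex of its host-side veth peer.
container_veth() {
    c_idx="$(docker exec "$1" cat /sys/class/net/eth0/iflink)" || return 1
    host_veth_for_iflink "$c_idx"
}

# mirror_rules <add|del> <src_veth> <dst_veth>: print the commands, refusing odd names.
mirror_rules() {
    valid_ifname "$2" && valid_ifname "$3" || return 2
    m_match="protocol all prio 2 u32 match u32 0 0"
    m_act="action mirred egress mirror dev $3"
    case "$1" in
        add) echo "tc qdisc add dev $2 ingress"
             echo "tc filter add dev $2 parent ffff: $m_match flowid 1:1 $m_act"
             echo "tc qdisc replace dev $2 parent root handle 10: prio"
             echo "tc filter add dev $2 parent 10: $m_match flowid 10:1 $m_act" ;;
        del) echo "tc qdisc del dev $2 ingress"   # deleting a qdisc drops its filters
             echo "tc qdisc del dev $2 root" ;;
        *)   return 2 ;;
    esac
}

# Usage: sh mirror.sh <add|del> <source-container> <monitor-container> | sh
if [ "$#" -eq 3 ]; then
    src="$(container_veth "$2")" && dst="$(container_veth "$3")" &&
        mirror_rules "$1" "$src" "$dst"
fi
```

Run it with `add` from the container start hook and with `del` before the source container stops; review the printed commands before piping them to a root shell.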

It would be easier to set up container#2 as a reverse proxy for container#1.

That means container#2 sees all traffic and sends it to container#1.

You can use traefik.io/ as container#2. It is meant for load balancing, but in your case, you could define only one backend (so no load balancing there) referencing container#1. You can build a traefik container quite easily (see this Dockerfile for instance, for ARM architecture).

EDIT: In case you are dealing with HTTP traffic only

You can run Nginx in a 3rd container and use that as the entry point for the Docker containers. Then use Nginx as a reverse proxy for container 1 and use the nginx mirror directive to mirror all requests to container 2 as well.

Effectively, container 1 will receive all the requests and send responses. Container 2 will also get the requests but its responses would not be sent back to the user/client that made the request.

Here's a sample Nginx Config.

upstream logger {
    server app2:3002;
}

upstream app {
    server app1:3002;
}

server {
    listen 8000;
    location / {
        mirror /mirror;
        mirror_request_body on;
        proxy_pass http://app;
    }
    location  = /mirror {
        internal;
        proxy_connect_timeout 200ms;
        proxy_read_timeout 200ms;
        proxy_pass http://logger$request_uri;
        proxy_set_header HOST $http_host;
        proxy_set_header X-FORWARDED-FOR $remote_addr;
    }
}

Comments
  • What do you mean by "mirror traffic"? Traffic mirroring is normally done on a lower network level than where Docker containers operate. Perhaps you meant "load balance traffic"?
  • That could be a better fit (than my answer), considering the OP's question. +1
  • Thanks!! that was very useful. Another question please, how can I get the bridge name given the name of the container?
  • @EfratLevy submit that as another question.
  • Thanks. I wouldn't like container #2 to be set as a reverse proxy because this means that if it fails, then the main container does not get any traffic \= Is there another solution?
  • @EfratLevy you could install traefik directly in container#1 and send traffic to your container#1 main server, and to container#2
  • But it can be UDP traffic - not HTTP(S).
  • @Dmytro yea, this would work only for HTTP(s), I'd follow matt's answer for TCP