Monitored Interfaces Examples

Running a Docker container with the --net=host option allows the container to see all interfaces that are available to the host, but prevents the container from creating its own local interface. To run a Docker container with the --net=host option, use the following command:

docker run --net=host <container>

The examples below assume the following IP/host/container combinations:

Host - 192.0.2.1

Container 1 - veth1 - 192.0.2.2

Container 2 - veth2 - 192.0.2.3

Container to Network

Container 1 running with --net=host option.

Container 2 running without --net=host option.

From Host

Host interface

Traffic from the host will be reported with an IP of 192.0.2.1

Traffic from Container 1 will be reported with an IP of 192.0.2.1

Traffic from Container 2 will be reported with an IP of 192.0.2.1

Docker0

Traffic from the host will not be reported.

Traffic from Container 1 will be reported as coming from 192.0.2.2

Traffic from Container 2 will be reported as coming from 192.0.2.3

veth1

Will not exist due to running with --net=host option.

veth2

Traffic from the host will not be reported.

Traffic from Container 1 will not be reported.

Traffic from Container 2 will be reported as coming from 192.0.2.3

From Container 1

Host interface

Traffic from the host will be reported with an IP of 192.0.2.1

Traffic from Container 1 will be reported with an IP of 192.0.2.1

Traffic from Container 2 will be reported with an IP of 192.0.2.1

Docker0

Traffic from the host will not be reported.

Traffic from Container 1 will be reported as coming from 192.0.2.2

Traffic from Container 2 will be reported as coming from 192.0.2.3

Container 1 local interface

Will not exist due to running with --net=host option.

veth2

Traffic from the host will not be reported.

Traffic from Container 1 will not be reported.

Traffic from Container 2 will be reported as coming from 192.0.2.3

Container to Container

To monitor traffic between all containers from the host, you must use the docker0 interface. Alternatively, you can select only the veth* interface of the container(s) that you would like to monitor.

From Host

Container 1 running without --net=host option.

Container 2 running without --net=host option.

Docker0

Traffic from the host will not be reported.

Traffic from Container 1 will be reported as coming from 192.0.2.2

Traffic from Container 2 will be reported as coming from 192.0.2.3

veth1

Traffic from Container 1 will be reported as coming from 192.0.2.2

veth1 && veth2

Traffic from Container 1 will be reported as coming from 192.0.2.2

Traffic from Container 2 will be reported as coming from 192.0.2.3

From Container 1

Container 1 running with --net=host option.

Container 2 running without --net=host option.

Docker0

Traffic from the host will not be reported.

Traffic from Container 1 will be reported as coming from 192.0.2.2

Traffic from Container 2 will be reported as coming from 192.0.2.3

Container 1 local interface

Will not exist due to running with --net=host option.

veth2

Traffic from Container 2 will be reported as coming from 192.0.2.3

Host to Network

Container 1 run with --net=host option.

Container 2 run without --net=host option.

From Host

Host interface

Traffic from the host will be reported with an IP of 192.0.2.1

Traffic from Container 1 will be reported with an IP of 192.0.2.1

Traffic from Container 2 will be reported with an IP of 192.0.2.1

From Container

Host interface

Traffic from the host will be reported with an IP of 192.0.2.1

Traffic from Container 1 will be reported with an IP of 192.0.2.1

Traffic from Container 2 will be reported with an IP of 192.0.2.1
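
The following shell script is an added example, not part of the original documentation. It takes an inventory of containers and their network modes and prints, for each one, which interface has to be monitored to see it and which source IP will be reported there, following the cases listed above. The function names, the output labels, and the sample inventory are assumptions made for illustration; the input format is what the docker inspect command shown in the comment produces.

```shell
#!/bin/sh
# Added example: decide which interface to monitor per container.
# Input lines: "<name> <NetworkMode> [<IP>]". On a real host, generate them with:
#   docker ps -q | xargs docker inspect --format \
#     '{{.Name}} {{.HostConfig.NetworkMode}} {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'

HOST_IP="192.0.2.1"   # host address from the page's examples

# Reads the inventory on stdin and prints "<name> <interface> <reported IP>".
classify_containers() {
    while read -r name mode ip; do
        [ -z "$name" ] && continue      # skip blank lines
        name="${name#/}"                # docker inspect prefixes names with "/"
        case "$mode" in
            host)
                # --net=host: no veth exists for this container; on the host
                # interface its traffic is reported with the host IP.
                echo "$name host-interface $HOST_IP" ;;
            default|bridge)
                # No --net=host: the container has its own veth behind docker0
                # and is reported there with its own address.
                if [ -n "$ip" ]; then
                    echo "$name docker0-or-veth $ip"
                else
                    echo "$name docker0-or-veth unknown-ip"
                fi ;;
            *)
                # Modes the page does not cover (none, container:<id>, ...).
                echo "$name unhandled-mode:$mode -" ;;
        esac
    done
}

# Constructed sample matching the page: Container 1 with --net=host,
# Container 2 without it.
sample_inventory() {
    cat <<'EOF'
/container1 host
/container2 default 192.0.2.3
EOF
}

sample_inventory | classify_containers
```

Any container listed as host-interface cannot be told apart from the host by source IP on that interface, so per-container attribution is only available for the containers listed as docker0-or-veth.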