
Monitored Interfaces

This topic describes guidelines for configuring the monitored network interfaces.

Available Monitored Network Interfaces

Monitored Network Interface | Description
docker0 | An interface that bridges all virtual interfaces. Monitoring this interface will sniff traffic in all containers.
veth* | An interface that is associated with a container. Each container has one veth* interface.
Host interface | A host interface. Monitoring this interface will sniff all network traffic from the host, including traffic in Docker containers.
User-created Docker networks | An interface created with the docker network create command. This interface is discoverable with the docker network inspect <networkname> command.

Container to Network

To monitor traffic from containers to the network, set the monitored network interfaces to docker0, a host interface, or the virtual interface (veth*) assigned to that container. When monitoring only the host interface, connections made from the container will be reported by PVS as having the IP of the host rather than the container's private IP address.

The following image shows an example monitoring configuration where PVS is running on the host and one container interface is selected.

Container to Container

To monitor traffic between all containers from the host, set the monitored network interface to docker0. You can also select the veth* of just the container(s) that you would like to monitor.

The following image shows an example monitoring configuration where docker0 is selected, which will discover traffic from all containers.

Monitoring these interfaces will detect traffic between Docker containers, but not over custom bridges. If you have containers configured to use a custom bridge, configure PVS to monitor that interface. If you want a container to use an existing container's network stack, run it with the --net=container:NAME_or_ID option (e.g., docker run --net=container:<NAME_or_ID> <container>).
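Picking the right interface from the table above requires knowing which host-side veth* belongs to a given container and which bridge interface a user-created network uses. The following shell script is an added example, not part of Tenable's documentation or PVS itself. It assumes a Linux Docker host with `ip` available, that the container's primary interface is eth0, and that Docker names a user-created bridge `br-` plus the first 12 characters of the network ID unless the `com.docker.network.bridge.name` option was set; the `SAMPLE_LINKS` text is constructed so the parsers can be exercised without Docker.

```shell
#!/bin/sh
# Added example: map a container to the host veth* interface PVS should monitor,
# and derive the bridge interface name of a user-created Docker network.
# Technique: inside the container, /sys/class/net/eth0/iflink holds the ifindex
# of the peer end of the veth pair; on the host, `ip -o link` lists interfaces
# as "<ifindex>: <name>@if<peer>: ...", so matching that ifindex yields the veth.

# veth_from_ip_link <iflink> <text of `ip -o link`>
# Pure parser (no Docker needed): prints the interface name with that ifindex.
veth_from_ip_link() {
    idx="$1"; links="$2"
    printf '%s\n' "$links" | awk -v idx="$idx" '
        $1 == (idx ":") { sub(/@.*$/, "", $2); sub(/:$/, "", $2); print $2; exit }'
}

# container_veth <name_or_id>: resolve the host veth* of a running container.
container_veth() {
    iflink=$(docker exec "$1" cat /sys/class/net/eth0/iflink) || return 1
    veth_from_ip_link "$iflink" "$(ip -o link)"
}

# bridge_iface <network_id> [bridge_name_option]
# Assumption: default name is "br-" + first 12 chars of the network ID unless
# the com.docker.network.bridge.name option was given at creation time.
bridge_iface() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2"
    else
        printf 'br-%s\n' "$(printf '%s' "$1" | cut -c1-12)"
    fi
}

# network_iface <networkname>: query Docker for the values bridge_iface needs.
network_iface() {
    id=$(docker network inspect -f '{{.Id}}' "$1") || return 1
    opt=$(docker network inspect -f '{{index .Options "com.docker.network.bridge.name"}}' "$1")
    bridge_iface "$id" "$opt"
}

# Constructed sample of `ip -o link` output (not captured from a real host).
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
5: veth1a2b3c4@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0
7: vethd5e6f7a@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-0123456789ab'

# Stand-alone run: use the live host when Docker is present, else the sample.
if command -v docker >/dev/null 2>&1 && [ -n "$1" ]; then
    container_veth "$1"
else
    veth_from_ip_link 7 "$SAMPLE_LINKS"
fi
```

On a live host, `./script.sh <container>` prints the veth* to select in PVS, and `network_iface <networkname>` prints the bridge interface for a user-created network.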

Host to Network

To monitor traffic from the host to the network, set the monitored network interface to a host interface. This will also detect all traffic between containers and the external network.

The following image shows an example monitoring configuration where only the host interface is selected.

Note: Monitoring only on the host interface will not detect traffic between containers.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.