Included Tools Reference

Netshoot comes packed with a wide variety of networking tools. This page provides a comprehensive list and usage examples for some of the most common ones.

Included Packages

The image is based on alpine:3.22.0 and includes the following packages installed via apk:

  • apache2-utils
  • bash
  • bind-tools (includes dig)
  • bird
  • bridge-utils
  • busybox-extras
  • conntrack-tools
  • curl
  • dhcping
  • drill
  • ethtool
  • file
  • fping
  • iftop
  • iperf
  • iperf3
  • iproute2 (includes ip, ss)
  • ipset
  • iptables
  • iptraf-ng
  • iputils (includes ping, arping)
  • ipvsadm
  • httpie
  • jq
  • libc6-compat
  • liboping
  • ltrace
  • mtr
  • net-snmp-tools
  • netcat-openbsd
  • nftables
  • ngrep
  • nmap
  • nmap-nping
  • nmap-scripts
  • openssl
  • py3-pip
  • py3-setuptools
  • scapy
  • socat
  • speedtest-cli
  • openssh
  • oh-my-zsh
  • strace
  • tcpdump
  • tcptraceroute
  • trippy
  • tshark
  • util-linux
  • vim
  • git
  • zsh
  • websocat
  • swaks
  • perl-crypt-ssleay
  • perl-net-ssleay

Additional Binaries

The following tools are fetched and installed separately:

  • ctop: Top-like interface for container metrics.
  • calicoctl: Command-line tool for Calico.
  • termshark: A terminal UI for tshark.
  • grpcurl: A command-line tool for interacting with gRPC servers.
  • fortio: A load testing library and command-line tool.

Tool Examples

Here are practical examples for some of the included tools.

iperf

Purpose: Test network performance (bandwidth, jitter, loss) between two points.

Example: 

# Create a dedicated Docker network
$ docker network create -d bridge perf-test

# Start the iperf server in one container
$ docker run -d --rm --net perf-test --name perf-test-a nicolaka/netshoot iperf -s -p 9999

# Run the iperf client in another container to test against the server
$ docker run -it --rm --net perf-test --name perf-test-b nicolaka/netshoot iperf -c perf-test-a -p 9999

tcpdump

Purpose: Powerful command-line packet analyzer.

Example: 

# Attach to the network namespace of the 'perf-test-a' container
$ docker run -it --net container:perf-test-a nicolaka/netshoot

# Inside the container, capture one packet on port 9999 and print its content
/ # tcpdump -i eth0 port 9999 -c 1 -Xvv

netstat

Purpose: Display network connections, routing tables, interface statistics, etc.

Example: 

$ docker run -it --net container:perf-test-a nicolaka/netshoot

# List all listening TCP and UDP ports
/ # netstat -tulpn

nmap

Purpose: Network exploration and security auditing tool; useful for port scanning.

Example: 

# Scan a range of ports on a specific IP address
$ docker run -it --privileged nicolaka/netshoot nmap -p 12376-12390 -dd 172.31.24.25

iftop

Purpose: Displays bandwidth usage on an interface by host, similar to top for CPU.

Example: 

$ docker run -it --net container:perf-test-a nicolaka/netshoot iftop -i eth0

drill

Purpose: A tool for querying and troubleshooting DNS.

Example: 

# Perform a verbose DNS lookup for 'perf-test-b'
$ docker run -it --net container:perf-test-a nicolaka/netshoot drill -V 5 perf-test-b

netcat

Purpose: A versatile utility for reading from and writing to network connections using TCP or UDP. Great for testing port connectivity.

Example: 

# Create a Docker network
$ docker network create -d bridge my-br

# Run a simple listener on port 8080
$ docker run -d --rm --net my-br --name service-a nicolaka/netshoot nc -l 8080

# From another container, check if a TCP connection can be made to service-a on port 8080
$ docker run -it --rm --net my-br --name service-b nicolaka/netshoot nc -vz service-a 8080
# Expected output: Connection to service-a 8080 port [tcp/*] succeeded!

iproute2

Purpose: A collection of utilities for controlling networking in Linux (e.g., ip, ss).

Example: 

# Run netshoot on the host's network to inspect its configuration
$ docker run -it --net host nicolaka/netshoot

# Show the host's routing table
/ # ip route show

# Show the host's ARP table
/ # ip neigh show

nsenter

Purpose: Run a program in different namespaces. Useful for entering Docker bridge network namespaces.

Example: 

# Run netshoot in privileged mode and mount the host's network namespace directory
$ docker run -it --rm -v /var/run/docker/netns:/var/run/docker/netns --privileged=true nicolaka/netshoot

# List available network namespaces
/ # ls /var/run/docker/netns/

# Enter a specific network namespace and run a shell
/ # nsenter --net=/var/run/docker/netns/<namespace> sh

ctop

Purpose: A top-like command-line tool for monitoring container metrics.

Example: 

# Mount the Docker socket to allow ctop to access container information
$ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock nicolaka/netshoot ctop

Termshark

Purpose: A terminal UI for tshark, allowing for interactive packet analysis in the console.

Example: 

# Sniff ICMP traffic on eth0 interactively
$ docker run --rm --cap-add=NET_ADMIN --cap-add=NET_RAW -it nicolaka/netshoot termshark -i eth0 icmp

# Read and analyze a pcap file from the host
$ docker run --rm --cap-add=NET_ADMIN --cap-add=NET_RAW -v /tmp/ipv4frags.pcap:/tmp/ipv4frags.pcap -it nicolaka/netshoot termshark -r /tmp/ipv4frags.pcap

Swaks

Purpose: The Swiss Army Knife for SMTP. A scriptable tool for testing SMTP setups.

Example: 

swaks --to user@example.com \
  --from fred@example.com --h-From: '"Fred Example" <fred@example.com>' \
  --auth CRAM-MD5 --auth-user me@example.com \
  --header-X-Test "test email" \
  --tls \
  --data "Example body"

Grpcurl

Purpose: A command-line tool to interact with gRPC servers, similar to curl for HTTP.

Example: 

# Call a gRPC method over TLS
grpcurl grpc.server.com:443 my.custom.server.Service/Method

# Call a gRPC method over an insecure connection
grpcurl -plaintext grpc.server.com:80 my.custom.server.Service/Method

Fortio

Purpose: A load testing tool and simple web UI.

Example: 

# Run a simple load test against google.com
fortio load http://www.google.com