Usage with Docker

Netshoot is highly effective for debugging Docker environments. It can attach to the network stack of other containers or the host itself.

Attaching to a Container's Network Namespace

This is one of the most common use cases. If you suspect a specific application container is having network issues, you can launch Netshoot and attach it directly to that container's network namespace. This gives you a powerful shell with a full suite of tools to inspect the application's network environment from the inside.

Command:

docker run -it --net container:<container_name_or_id> nicolaka/netshoot

Example:

Let's say you have a Nginx container running:

docker run -d --name my-web-server nginx

Now, to troubleshoot its network, run:

docker run -it --rm --net container:my-web-server nicolaka/netshoot

Inside this Netshoot session, any network command you run (e.g., ifconfig, netstat, ss) will reflect the state of the my-web-server container's network, not Netshoot's own.

# Inside the netshoot container, attached to nginx
# This will show listening ports for nginx
netstat -tulpn

Attaching to the Host's Network Namespace

If you suspect the networking issue lies with the Docker host itself (e.g., problems with routing, firewall, or physical interfaces), you can launch Netshoot with the host's network namespace.

This allows you to use the tools within Netshoot to inspect the host's network stack without needing to install anything directly on the host.

Command:

docker run -it --rm --net host nicolaka/netshoot

Once inside, commands like ip route show or ethtool eth0 will operate on the host's network interfaces and routing table.

Using with Docker Compose

Netshoot can be easily integrated into a docker-compose.yml file to debug multi-service applications. This is particularly useful for tasks like capturing network traffic between services.

In this example, we define a tcpdump service using the Netshoot image. It attaches to the network namespace of the nginx service to capture traffic and save it to a local volume.

docker-compose.yml Example:

version: "3.6"
services:
  tcpdump:
    image: nicolaka/netshoot
    depends_on:
      - nginx
    # The command to execute: capture traffic on eth0
    command: tcpdump -i eth0 -w /data/nginx.pcap
    # Attach to the nginx service's network stack
    network_mode: service:nginx
    volumes:
      # Mount a local directory to store the capture file
      - ./data:/data

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"

To run this setup:

  1. Create a data directory: mkdir data
  2. Run Docker Compose: docker-compose up

As you send traffic to nginx, tcpdump will capture it and save it to data/nginx.pcap on your host machine, which you can then analyze.