正如标题所说,我需要构建一个能够嗅探网络上所有流量的docker 容器。
这是我目前的docker-compose文件:
services:
opencpn:
build:
context: ./opencpn
dockerfile: Dockerfile
container_name: opencpn
image: opencpn
ports:
- "8080:8080"
networks:
ship:
ipv4_address: 172.20.0.2
proxyais:
build:
context: ./proxyais
dockerfile: Dockerfile
image: proxyais
container_name: proxyais
ports:
- "10110:10110/udp"
- "18304:18304/udp"
networks:
ship:
ipv4_address: 172.20.0.3
environment:
- VDR=127.0.0.1
- IPR=172.20.0.3
- BRIDGE=172.20.0.2
- VH=172.20.0.4
- GW=172.20.0.1
suricata:
build:
context: ./suricata
dockerfile: Dockerfile
image: suricata
container_name: suricata
cap_add:
- NET_ADMIN
- SYS_NICE
# network_mode: host <-- it works but I don't want to use it like this
networks:
ship:
ipv4_address: 172.20.0.5
networks:
ship:
name: ship_network
ipam:
config:
- subnet: 172.20.0.0/16
gateway: 172.20.0.1
如果我在suricata 服务容器中打开一个 shell 并用午餐tcpdump,我只会获得广播包,而不是获得我需要的所有流量。
我可以通过设置network_mode: host来实现我的目标,但是在嗅探器容器中,我应该将tcpdump附加到另一个接口(br-xxxxx)上,每次撰写时都会改变,所以我不想使用它。
我快疯了,我到底要怎么做一个混杂的容器?!?
先感谢您!