0

正如标题所说,我需要构建一个能够嗅探网络上所有流量的docker 容器

这是我目前的docker-compose文件:

services:
  opencpn:
    build:
      context: ./opencpn
      dockerfile: Dockerfile
    container_name: opencpn
    image: opencpn
    ports:
      - "8080:8080"
    networks:
      ship:
        ipv4_address: 172.20.0.2

  proxyais:
    build:
      context: ./proxyais
      dockerfile: Dockerfile
    image: proxyais
    container_name: proxyais
    ports:
      - "10110:10110/udp"
      - "18304:18304/udp"
    networks:
      ship:
        ipv4_address: 172.20.0.3
    environment:
      - VDR=127.0.0.1
      - IPR=172.20.0.3
      - BRIDGE=172.20.0.2
      - VH=172.20.0.4
      - GW=172.20.0.1

  suricata:
    build:
      context: ./suricata
      dockerfile: Dockerfile
    image: suricata
    container_name: suricata
    cap_add:
      - NET_ADMIN
      - SYS_NICE
    # network_mode: host <-- it works but I don't want to use it like this
    networks:
      ship:
        ipv4_address: 172.20.0.5

networks:
  ship:
    name: ship_network
    ipam:
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1

如果我在suricata 服务容器中打开一个 shell 并用午餐tcpdump,我只会获得广播包,而不是获得我需要的所有流量。

我可以通过设置network_mode: host来实现我的目标,但是在嗅探器容器中,我应该将tcpdump附加到另一个接口(br-xxxxx)上,每次撰写时都会改变,所以我不想使用它。

我快疯了,我到底要怎么做一个混杂的容器?!?

先感谢您!

4

0 回答 0