Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Docker and netstat: netstat is not showing ports, exposed by docker containers

Tags:

docker

netstat

I expose docker ports of my contaners to the host machine with something like

docker run -p 80:80 ... 

then I try to display all listening ports for debugging purposes with netstat e.g.:

netstat -at 

Strange thing is that netstat won't display my docker containers with exposed ports, although they are listening and reply to the browser.

How do I make netstat display those exposed ports?


UPDATE: I'm running this on Debian 8 Jessie. Here's what I do:

docker ps -a CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                                      NAMES 9dfa08bab50d        workflows-nginx     "/bin/sh -c '/usr/sbi"   2 hours ago         Up 2 hours                  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   workflows-nginx d0b0c3f90f13        workflows-django    "/bin/sh -c 'python /"   7 hours ago         Up 3 hours                  0.0.0.0:8000->8000/tcp                     workflows-django 99a857c92533        workflows-db        "/docker-entrypoint.s"   7 hours ago         Up 3 hours                  5432/tcp                                   workflows-db 

Here docker reports that container ports are forwarded to the host. Moreover, if I stop workflows-nginx container, it stops answering to the browser by http (port 80). If I start it again, it starts responding again.

Here is the output of sudo netstat -at | less:

Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address           Foreign Address         State       tcp        0      0 *:ssh                   *:*                     LISTEN      tcp        0      0 localhost:ipp           *:*                     LISTEN      tcp        0      0 *:15672                 *:*                     LISTEN      tcp        0      0 *:postgresql            *:*                     LISTEN      tcp        0      0 localhost:smtp          *:*                     LISTEN      tcp        0      0 *:25672                 *:*                     LISTEN      tcp        0      0 *:48142                 *:*                     LISTEN      tcp        0      0 *:sunrpc                *:*                     LISTEN      tcp        0      0 *:epmd                  *:*                     LISTEN      tcp        0      0 bob-acer:34866          104.16.33.249:http      ESTABLISHED tcp        0      0 bob-acer:42380          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42543          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42525          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:44076          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42944          stackoverflow.com:https ESTABLISHED tcp        0      0 localhost:epmd          localhost:50831         ESTABLISHED tcp        0      0 bob-acer:42655          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42384          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:44626          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42390          stackoverflow.com:https ESTABLISHED tcp        0      0 localhost:50831         localhost:epmd          ESTABLISHED tcp        0      0 bob-acer:48301          c2.52.c0ad.ip4.st:https ESTABLISHED tcp        0      0 bob-acer:42151          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42205          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:42539          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:44737          stackoverflow.com:https ESTABLISHED tcp        0      0 bob-acer:39648          77.94.164.251:https     ESTABLISHED tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      tcp6       0      0 localhost:ipp           [::]:*                  LISTEN      tcp6       0      0 [::]:postgresql         [::]:*                  LISTEN      tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      tcp6       0      0 [::]:44794              [::]:*                  LISTEN      tcp6       0      0 [::]:8000               [::]:*                  LISTEN      tcp6       0      0 [::]:amqp               [::]:*                  LISTEN      tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      tcp6       1      0 localhost:58497         localhost:ipp           CLOSE_WAIT 

As you can see, neither port 80, nor port 443 are reported. Port 8000 of workflows-django for some reason is opened on IPv6 interface. Moreover, I forgot to disable postgres on host machine and still they don't clash with postgres container workflows-db.

Everything is running on my local notebook, so I guess there can't be any confusion with the host.

My docker version is:

docker --version Docker version 1.10.3, build 20f81dd 

ANSWER: This is related to docker EXPOSE parameter. If you write this line in your dockerfile and run the container with -p, the port will be visible in netstat. If you use -p but don't write EXPOSE, your port won't be listed by netstat.

like image 382
Boris Burkov Avatar asked Apr 06 '16 14:04

Boris Burkov


1 Answers

It's never too late to answer a question.

Using netstat -tln, not netstat -at.

It's very simple to answer, if you notify the --numeric option for netstat. By using this option, netstat will print address with numbers instead of meaningful string. Then you can grep them as you mentioned. Following shows how it works.

[root@A01-R26-I52-155-3002023 ~]# netstat -tl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State       tcp        0      0 localhost.localdom:smux 0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18121 0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18122 0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18123 0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18124 0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18125 0.0.0.0:*               LISTEN      tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN      tcp        0      0 localhost.localdo:18928 0.0.0.0:*               LISTEN      tcp        0      0 0.0.0.0:20080           0.0.0.0:*               LISTEN      tcp        0      0 A01-R26-:univ-appserver 0.0.0.0:*               LISTEN      tcp        0      0 A01-R26-:univ-appserver 0.0.0.0:*               LISTEN      tcp        0      0 localhost.:search-agent 0.0.0.0:*               LISTEN      tcp        0      0 localhost:mosaicsyssvc1 0.0.0.0:*               LISTEN      tcp        0      0 A01-R26-I52-155-300:ssh 0.0.0.0:*               LISTEN      tcp6       0      0 [::]:37611              [::]:*                  LISTEN      tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      tcp6       0      0 [::]:microsan           [::]:*                  LISTEN      tcp6       0      0 [::]:commtact-http      [::]:*                  LISTEN      [root@A01-R26-I52-155-3002023 ~]# netstat -tln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State       tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18121         0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18122         0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18123         0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18124         0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18125         0.0.0.0:*               LISTEN      tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:18928         0.0.0.0:*               LISTEN      tcp        0      0 0.0.0.0:20080           0.0.0.0:*               LISTEN      tcp        0      0 10.217.52.155:1233      0.0.0.0:*               LISTEN      tcp        0      0 10.218.52.155:1233      0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      tcp        0      0 127.0.0.1:1235          0.0.0.0:*               LISTEN      tcp        0      0 10.217.52.155:22        0.0.0.0:*               LISTEN      tcp6       0      0 :::37611                :::*                    LISTEN      tcp6       0      0 :::111                  :::*                    LISTEN      tcp6       0      0 :::20001                :::*                    LISTEN      tcp6       0      0 :::20002                :::*                    LISTEN 
like image 115
Frank Wang Avatar answered Oct 07 '22 14:10

Frank Wang