I expose docker ports of my contaners to the host machine with something like
docker run -p 80:80 ...
then I try to display all listening ports for debugging purposes with netstat
e.g.:
netstat -at
Strange thing is that netstat won't display my docker containers with exposed ports, although they are listening and reply to the browser.
How do I make netstat
display those exposed ports?
UPDATE: I'm running this on Debian 8 Jessie. Here's what I do:
docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9dfa08bab50d workflows-nginx "/bin/sh -c '/usr/sbi" 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp workflows-nginx d0b0c3f90f13 workflows-django "/bin/sh -c 'python /" 7 hours ago Up 3 hours 0.0.0.0:8000->8000/tcp workflows-django 99a857c92533 workflows-db "/docker-entrypoint.s" 7 hours ago Up 3 hours 5432/tcp workflows-db
Here docker reports that container ports are forwarded to the host. Moreover, if I stop workflows-nginx
container, it stops answering to the browser by http (port 80). If I start it again, it starts responding again.
Here is the output of sudo netstat -at | less
:
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 *:15672 *:* LISTEN tcp 0 0 *:postgresql *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 0 *:25672 *:* LISTEN tcp 0 0 *:48142 *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:epmd *:* LISTEN tcp 0 0 bob-acer:34866 104.16.33.249:http ESTABLISHED tcp 0 0 bob-acer:42380 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42543 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42525 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:44076 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42944 stackoverflow.com:https ESTABLISHED tcp 0 0 localhost:epmd localhost:50831 ESTABLISHED tcp 0 0 bob-acer:42655 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42384 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:44626 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42390 stackoverflow.com:https ESTABLISHED tcp 0 0 localhost:50831 localhost:epmd ESTABLISHED tcp 0 0 bob-acer:48301 c2.52.c0ad.ip4.st:https ESTABLISHED tcp 0 0 bob-acer:42151 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42205 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:42539 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:44737 stackoverflow.com:https ESTABLISHED tcp 0 0 bob-acer:39648 77.94.164.251:https ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:ipp [::]:* LISTEN tcp6 0 0 [::]:postgresql [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN tcp6 0 0 [::]:44794 [::]:* LISTEN tcp6 0 0 [::]:8000 [::]:* LISTEN tcp6 0 0 [::]:amqp [::]:* LISTEN tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 1 0 localhost:58497 localhost:ipp CLOSE_WAIT
As you can see, neither port 80, nor port 443 are reported. Port 8000 of workflows-django
for some reason is opened on IPv6 interface. Moreover, I forgot to disable postgres on host machine and still they don't clash with postgres container workflows-db
.
Everything is running on my local notebook, so I guess there can't be any confusion with the host.
My docker version is:
docker --version Docker version 1.10.3, build 20f81dd
ANSWER: This is related to docker EXPOSE parameter. If you write this line in your dockerfile and run the container with -p, the port will be visible in netstat. If you use -p but don't write EXPOSE, your port won't be listed by netstat.
It's never too late to answer a question.
Using netstat -tln
, not netstat -at
.
It's very simple to answer, if you notify the --numeric
option for netstat
. By using this option, netstat will print address with numbers instead of meaningful string. Then you can grep them as you mentioned. Following shows how it works.
[root@A01-R26-I52-155-3002023 ~]# netstat -tl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost.localdom:smux 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18121 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18122 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18123 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18124 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18125 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 localhost.localdo:18928 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:20080 0.0.0.0:* LISTEN tcp 0 0 A01-R26-:univ-appserver 0.0.0.0:* LISTEN tcp 0 0 A01-R26-:univ-appserver 0.0.0.0:* LISTEN tcp 0 0 localhost.:search-agent 0.0.0.0:* LISTEN tcp 0 0 localhost:mosaicsyssvc1 0.0.0.0:* LISTEN tcp 0 0 A01-R26-I52-155-300:ssh 0.0.0.0:* LISTEN tcp6 0 0 [::]:37611 [::]:* LISTEN tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 0 0 [::]:microsan [::]:* LISTEN tcp6 0 0 [::]:commtact-http [::]:* LISTEN [root@A01-R26-I52-155-3002023 ~]# netstat -tln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18121 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18122 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18123 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18124 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18125 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:18928 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:20080 0.0.0.0:* LISTEN tcp 0 0 10.217.52.155:1233 0.0.0.0:* LISTEN tcp 0 0 10.218.52.155:1233 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:1235 0.0.0.0:* LISTEN tcp 0 0 10.217.52.155:22 0.0.0.0:* LISTEN tcp6 0 0 :::37611 :::* LISTEN tcp6 0 0 :::111 :::* LISTEN tcp6 0 0 :::20001 :::* LISTEN tcp6 0 0 :::20002 :::* LISTEN
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With