Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

When using Docker, ESTABLISHED connections don't appear in netstat

I have a docker container running on RHEL 7 with Docker 1.7.0. The program which running in this container listens for TCP connections on port 5000. In my Dockerfile I put the sentence EXPOSE 5000 and I run the container with the following command:

docker run \
--name myProgram \
--detach \
--publish 5000:5000 \
--volume /home/docker/apps/myProgram/logs:/var/log/myProgram/ \
--volume /home/docker/apps/myProgram/conf:/usr/local/snnotificationreceiver/conf/ \
--restart always \
10.167.152.15:5000/myProgram:1.0.0

When I execute netstat on the host I see the LISTEN socket:

[root@server bin]# netstat -naop | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      33595/docker-proxy   off (0.00/0/0)

I can connect to the application by connecting to the host ip address on port 5000 and the data I send to the application arrives. I know this because I see it on my application logs, the application also sends data through the socket. However I don't see any ESTABLISHED connections using netstat on the docker host:

[root@server bin]# netstat -naop | grep ESTABLISHED 

I see the ESTABLISHED connection on the client side which doesn't use docker:

[root@client ~]# netstat -naop | grep 5000
tcp        0      0 10.167.43.73:39218      10.167.152.138:5000     ESTABLISHED 21429/telnet         off (0.00/0/0)

I didn't find any docker command equivalent or similar to netstat Is this normal? How can I see the ESTABLISHED connections to a container or to the docker-proxy?

Thanks

like image 430
user1272178 Avatar asked May 11 '16 19:05

user1272178


People also ask

How do I expose Docker network to port?

You can expose a port through your Dockerfile or use --expose and then publish it with the -P flag. This will bind the exposed port to your Docker host on a random port (verified by running docker container ls ). You can expose a port through your Dockerfile or use --expose and then publish it with the -p 80:80 flag.

How do I know if my Docker port is exposed?

Exposed ports are visible when you list your containers with docker ps . They'll show up in the PORTS column, even though they won't actually be accessible outside the container. This gives you a simple way of checking which ports the software inside a container is listening on.

Do Docker containers have their own ports?

By default, when you create or run a container using docker create or docker run , it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container's network, use the --publish or -p flag.


1 Answers

You can either do:

docker exec <containerid> netstat -tan | grep ESTABLISHED

or if you don't have netstat in your docker image:

docker inspect -f '{{.State.Pid}}' <containerid> # note the PID
sudo nsenter -t <pid> -n netstat | grep ESTABLISHED

nsenter is part of util-linux package. (plagiarized @larsks)

like image 66
AdvilUser Avatar answered Oct 02 '22 19:10

AdvilUser