{"id":23601,"date":"2025-07-02T06:43:37","date_gmt":"2025-07-02T06:43:37","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=23601"},"modified":"2025-07-12T05:38:38","modified_gmt":"2025-07-12T05:38:38","slug":"docker-lab-excercise-assignment-4-docker-networking","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/docker-lab-excercise-assignment-4-docker-networking\/","title":{"rendered":"Docker Lab, Excercise & Assignment – 4 – Docker Networking"},"content":{"rendered":"\n

Here\u2019s an in-depth, step-by-step tutorial and lab manual<\/strong> for Docker Networking\u2014starting from basics, covering all core concepts, and providing a hands-on guide to every feature and command. This guide uses the Ubuntu image<\/strong> for all labs and examples.<\/p>\n\n\n\n

\n\n\n\n

Docker Networking Concepts & Lab Manual (Beginner to Advanced)<\/h1>\n\n\n\n
\n\n\n\n

1. Docker Networking Concepts: Introduction<\/strong><\/h2>\n\n\n\n

1.1 What is Docker Networking?<\/h3>\n\n\n\n

Docker networking is the system that allows Docker containers to communicate with each other, with the Docker host, and with external networks. Each container, by default, is attached to a network, typically the bridge<\/code> network.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\n\n\n\n

2. Core Concepts<\/strong><\/h2>\n\n\n\n

2.1 Types of Docker Networks<\/h3>\n\n\n\n
Network Type<\/th>Driver<\/th>Description<\/th><\/tr><\/thead>
bridge<\/td>bridge<\/td>Default network for containers. Each container gets a virtual Ethernet interface (veth) in its own network namespace.<\/td><\/tr>
host<\/td>host<\/td>Shares the host’s networking stack. No isolation between host and container network.<\/td><\/tr>
none<\/td>null<\/td>No networking for the container. Only loopback.<\/td><\/tr>
custom<\/td>bridge<\/td>User-defined networks for more control.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n

2.2 Core Components<\/h3>\n\n\n\n
    \n
  • Bridge<\/strong>: A virtual switch for containers on the same host.<\/li>\n\n\n\n
  • veth Pair<\/strong>: A pair of virtual ethernet devices. One end is in the container, the other in the host.<\/li>\n\n\n\n
  • eth0<\/strong>: The default network interface inside the container.<\/li>\n<\/ul>\n\n\n\n
    \n\n\n\n

    3. Lab Manual: Hands-on with Docker Networking<\/strong><\/h2>\n\n\n\n

    All commands below are to be run on a Docker host with the Ubuntu<\/strong> image pulled (docker pull ubuntu<\/code>).<\/p>\n\n\n\n

    \n\n\n\n

    3.1 Listing Docker Networks<\/strong><\/h3>\n\n\n
    docker network ls\n<\/code><\/span><\/pre>\n\n\n
    Output:<\/strong><\/p>\n\n\n
    NETWORK ID     NAME      DRIVER    SCOPE\n0<\/span>bb0cc0920f0   bridge    bridge    local\n8<\/span>acf821ccc8a   host      host      local\na8c348b5037b   none      null<\/span>      local\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
    \n\n\n\n
    3.2 Inspecting a Docker Network<\/strong><\/h3>\n\n\n
    docker network inspect bridge\n<\/code><\/span><\/pre>\n\n\n
      \n
    • Shows subnet, gateway, attached containers, etc.<\/li>\n<\/ul>\n\n\n\n
      \n\n\n\n
      3.3 Creating Custom Networks<\/strong><\/h3>\n\n\n
      docker network create dev\ndocker network create qa\ndocker network create --driver bridge devopsschool\n<\/code><\/span><\/pre>\n\n\n
      \n\n\n\n
      3.4 Inspecting Custom Networks<\/strong><\/h3>\n\n\n
      docker network inspect dev\ndocker network inspect qa\n<\/code><\/span><\/pre>\n\n\n
      \n\n\n\n
      3.5 Running Containers with Specific Networks<\/strong><\/h3>\n\n\n
      # Create and attach container to 'qa' network<\/span>\ndocker run -itd --name qa1 --net=qa ubuntu\n\n# Create and attach container to 'dev' network<\/span>\ndocker run -itd --name dev1 --net=dev ubuntu\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
      \n\n\n\n
      3.6 Viewing Network Interfaces in Containers<\/strong><\/h3>\n\n\n
      docker exec -it qa1 \/bin\/bash\nip a\n# Check eth0 interface, assigned IP, etc.<\/span>\nexit<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
      \n\n\n\n
      3.7 Network Connection Scenarios<\/strong><\/h3>\n\n\n\n
      A. Connecting a Container to Multiple Networks<\/strong><\/h4>\n\n\n
      docker network connect dev qa1\ndocker inspect qa1 | grep -A 20<\/span> \"Networks\"<\/span>\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
      B. Disconnecting a Container from a Network<\/strong><\/h4>\n\n\n
      docker network disconnect dev qa1\ndocker inspect qa1 | grep -A 20<\/span> \"Networks\"<\/span>\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
      \n\n\n\n
      3.8 Testing Connectivity Between Containers<\/strong><\/h3>\n\n\n\n
        \n
      1. Create two containers on the same network: 
        docker run -itd --name qa2 --net=qa ubuntu<\/code><\/li>\n\n\n\n
      2. Install ping<\/code> utility (inside both containers): 
        docker exec -it qa1 apt update <\/code>
        docker exec -it qa1 apt install iputils-ping -y <\/code>
        docker exec -it qa2 apt update <\/code>
        docker exec -it qa2 apt install iputils-ping -y<\/code><\/li>\n\n\n\n
      3. Get the IP of qa2<\/code>: docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' qa2<\/code><\/li>\n\n\n\n
      4. Ping from qa1<\/code> to qa2<\/code>: docker exec -it qa1 ping <qa2-IP><\/code><\/li>\n<\/ol>\n\n\n\n
        \n\n\n\n
        3.9 Default Networks: host and none<\/strong><\/h3>\n\n\n\n
        A. Host Network<\/strong><\/h4>\n\n\n
        docker run -itd --name host1 --net=host ubuntu\ndocker exec -it host1 ip a\n# Shares all network interfaces with host.<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
        B. None Network<\/strong><\/h4>\n\n\n
        docker run -itd --name none1 --net=none ubuntu\ndocker exec -it none1 ip a\n# Only loopback interface is present.<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
        \n\n\n\n
        3.10 Understanding veth, Bridge, eth0<\/strong><\/h3>\n\n\n\n
          \n
        • Each container connected to a bridge gets a pair of virtual ethernet interfaces (veth):\n
            \n
          • One end in container as eth0<\/strong><\/li>\n\n\n\n
          • Other end in the Docker bridge on the host.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
            Lab: See the veth pair<\/strong><\/p>\n\n\n\n
              \n
            1. Find container PID: docker inspect --format '{{.State.Pid}}' qa1<\/code><\/li>\n\n\n\n
            2. On host, see interfaces: ip link # Look for veth... interfaces<\/code><\/li>\n\n\n\n
            3. In container: docker exec -it qa1 ip a # eth0<\/code><\/li>\n<\/ol>\n\n\n\n
              \n\n\n\n
              3.11 Removing and Pruning Networks<\/strong><\/h3>\n\n\n
              docker network rm dev\ndocker network prune  # Removes all unused networks<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
              \n\n\n\n
              3.12 Advanced Networking Commands<\/strong><\/h3>\n\n\n\n
              A. List Containers on a Network<\/strong><\/h4>\n\n\n
              docker network inspect qa | grep Name\n<\/code><\/span><\/pre>\n\n\n
              B. Assign Static IP to Container<\/strong><\/h4>\n\n\n
              docker network create --subnet=192.168.100.0\/24 staticnet\ndocker run -itd --name static1 --net=staticnet --ip=192.168.100.10 ubuntu\ndocker exec -it static1 ip a\n<\/code><\/span><\/pre>\n\n\n
              \n\n\n\n
              3.13 Network Namespace Lab (Linux)<\/strong><\/h3>\n\n\n\n
              View container’s network namespace:<\/strong><\/p>\n\n\n\n
                \n
              1. Get container PID: docker inspect --format '{{.State.Pid}}' qa1<\/code><\/li>\n\n\n\n
              2. On host: nsenter -t <PID> -n ip a<\/code><\/li>\n<\/ol>\n\n\n\n
                \n\n\n\n
                4. Docker Network CLI Cheat Sheet<\/strong><\/h2>\n\n\n\n
                Command<\/th>Purpose<\/th><\/tr><\/thead>
                docker network ls<\/td>List all networks<\/td><\/tr>
                docker network create<\/td>Create a new network<\/td><\/tr>
                docker network inspect<\/td>Inspect network details<\/td><\/tr>
                docker run –net= …<\/td>Run container on a specific network<\/td><\/tr>
                docker network connect<\/td>Attach container to network<\/td><\/tr>
                docker network disconnect<\/td>Detach container from network<\/td><\/tr>
                docker network rm<\/td>Remove a network<\/td><\/tr>
                docker network prune<\/td>Remove all unused networks<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
                \n\n\n\n
                5. Advanced Scenarios<\/strong><\/h2>\n\n\n\n
                5.1 Container to Host Networking<\/strong><\/h3>\n\n\n\n
                  \n
                • Bridge:<\/strong> Containers can communicate with the host via the gateway IP of the bridge.<\/li>\n\n\n\n
                • Host:<\/strong> Full access, same as host.<\/li>\n<\/ul>\n\n\n\n
                  5.2 Container to External World<\/strong><\/h3>\n\n\n\n
                    \n
                  • By default, containers can reach the outside world unless firewalled.<\/li>\n<\/ul>\n\n\n\n
                    \n\n\n\n
                    6. Sample Lab Scenarios<\/strong><\/h2>\n\n\n\n
                    Scenario 1: Multi-network Container<\/h3>\n\n\n\n
                      \n
                    1. Create two networks: docker network create netA docker network create netB<\/code><\/li>\n\n\n\n
                    2. Run container in netA: docker run -itd --name multi1 --net=netA ubuntu<\/code><\/li>\n\n\n\n
                    3. Connect it to netB: docker network connect netB multi1<\/code><\/li>\n\n\n\n
                    4. Inspect: docker inspect multi1 | grep -A 20 \"Networks\"<\/code><\/li>\n<\/ol>\n\n\n\n
                      Scenario 2: Communication Restriction<\/h3>\n\n\n\n
                        \n
                      1. Run two containers, one on dev<\/code>, one on qa<\/code>.<\/li>\n\n\n\n
                      2. They cannot ping each other (different networks).<\/li>\n\n\n\n
                      3. Connect one container to both networks; now it can access both.<\/li>\n<\/ol>\n\n\n\n
                        Scenario 3: Isolated Network<\/h3>\n\n\n\n
                          \n
                        1. Create a network with --internal<\/code> flag (blocks external access): docker network create --internal isolated docker run -itd --net=isolated --name isoc1 ubuntu<\/code><\/li>\n\n\n\n
                        2. Try to ping external site\u2014it will fail.<\/li>\n<\/ol>\n\n\n\n
                          \n\n\n\n
                          7. Cleaning Up<\/strong><\/h2>\n\n\n
                          docker network prune\ndocker network rm <network_name<\/span>><\/span>\ndocker rm -f $(docker ps -aq)\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                          \n\n\n\n
                          Summary: Docker Networking Deep Dive<\/strong><\/h1>\n\n\n\n
                            \n
                          • Bridge<\/strong>: Default, most common network. Use for most container-to-container communication.<\/li>\n\n\n\n
                          • veth<\/strong>: Connects container\u2019s network stack to host bridge.<\/li>\n\n\n\n
                          • eth0<\/strong>: Network interface in container.<\/li>\n\n\n\n
                          • host\/none<\/strong>: Special cases for sharing host stack or isolating.<\/li>\n<\/ul>\n\n\n\n
                            \n\n\n\n
                            Further Learning<\/strong><\/h2>\n\n\n\n
                              \n
                            • Overlay networks (for Docker Swarm\/multi-host).<\/li>\n\n\n\n
                            • Macvlan networks.<\/li>\n\n\n\n
                            • DNS resolution within Docker networks.<\/li>\n\n\n\n
                            • Exposing and publishing ports (-p<\/code>, --expose<\/code>).<\/li>\n<\/ul>\n\n\n\n
                              \n\n\n\n
                              Full Docker Networking Lab Script (Ready to Use)<\/strong><\/h1>\n\n\n
                              # Step 1: Pull Ubuntu image<\/span>\ndocker pull ubuntu\n\n# Step 2: List Docker networks<\/span>\ndocker network ls\n\n# Step 3: Inspect bridge network<\/span>\ndocker network inspect bridge\n\n# Step 4: Create custom networks<\/span>\ndocker network create dev\ndocker network create qa\n\n# Step 5: List and inspect<\/span>\ndocker network ls\ndocker network inspect dev\n\n# Step 6: Run containers on custom networks<\/span>\ndocker run -itd --name dev1 --net=dev ubuntu\ndocker run -itd --name qa1 --net=qa ubuntu\n\n# Step 7: Inspect container network interfaces<\/span>\ndocker exec -it dev1 ip a\ndocker exec -it qa1 ip a\n\n# Step 8: Connect dev1 to qa<\/span>\ndocker network connect qa dev1\n\n# Step 9: Disconnect dev1 from qa<\/span>\ndocker network disconnect qa dev1\n\n# Step 10: Host and none networks<\/span>\ndocker run -itd --name host1 --net=host ubuntu\ndocker run -itd --name none1 --net=none ubuntu\n\n# Step 11: Assign static IP<\/span>\ndocker network create --subnet=192.168<\/span>.55<\/span>.0<\/span>\/24<\/span> staticnet\ndocker run -itd --name static1 --net=staticnet --ip=192.168<\/span>.55<\/span>.10<\/span> ubuntu\n\n# Step 12: Network cleanup<\/span>\ndocker network prune\ndocker network rm dev qa staticnet\ndocker rm -f $(docker ps -aq)\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              Here\u2019s a comprehensive manual<\/strong> listing all essential Linux networking commands<\/strong> to explore, inspect, and troubleshoot Docker container networking<\/strong> on Ubuntu. This guide covers how to analyze networking at the host<\/strong> level and inside the container<\/strong>\u2014from simple checks to advanced network namespace tricks.
                              <\/h2>\n\n\n\n
                              \n\n\n\n
                              Manual: Linux Networking Commands for Exploring Docker Container Networking<\/strong><\/h1>\n\n\n\n
                              \n\n\n\n
                              1. Checking Network Interfaces<\/strong><\/h2>\n\n\n\n
                              On the Host:<\/strong><\/p>\n\n\n
                              ip a             # Shows all network interfaces (look for docker0, veth*, etc.)<\/span>\nifconfig -a      # Alternative view (may need 'net-tools' package)<\/span>\nip link          # Lists all interfaces (states, MACs)<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Inside a Container:<\/strong><\/p>\n\n\n
                              docker exec -it <container-name<\/span>><\/span> ip a\ndocker exec -it <container-name<\/span>><\/span> ifconfig -a\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n
                              Tip:<\/strong> The container\u2019s main interface is usually eth0<\/code>.<\/p>\n<\/blockquote>\n\n\n\n
                              \n\n\n\n
                              2. Checking Routing Tables<\/strong><\/h2>\n\n\n\n
                              On the Host:<\/strong><\/p>\n\n\n
                              ip route\nroute -n\n<\/code><\/span><\/pre>\n\n\n
                              Inside a Container:<\/strong><\/p>\n\n\n
                              docker exec -it <container-name<\/span>><\/span> ip route\ndocker exec -it <container-name<\/span>><\/span> route -n\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              3. Viewing Network Namespaces<\/strong><\/h2>\n\n\n\n
                              Each Docker container runs in its own network namespace<\/strong>.<\/p>\n\n\n\n
                              List network namespaces (on host):<\/strong><\/p>\n\n\n
                              ls \/var<\/span>\/run\/netns    # Sometimes empty unless explicitly created<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Find container\u2019s PID:<\/strong><\/p>\n\n\n
                              docker inspect --format '{{.State.Pid}}' <container-name<\/span>><\/span>\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Explore container\u2019s network namespace (as root):<\/strong><\/p>\n\n\n
                              nsenter -t <PID> -n ip a      # View interfaces in the container's namespace<\/span>\nnsenter -t <PID> -n bash      # Get a shell in the namespace<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              4. Exploring veth Pairs and Docker Bridges<\/strong><\/h2>\n\n\n\n
                              On the Host:<\/strong><\/p>\n\n\n
                              brctl show                   # Shows bridges and connected interfaces (needs 'bridge-utils')<\/span>\nip link                      # Shows veth* interfaces<\/span>\nip -d link                   # Details (peer relationships for veth)<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Find docker0 bridge:<\/strong><\/p>\n\n\n
                              ip a | grep docker0\nbrctl show docker0\n<\/code><\/span><\/pre>\n\n\n
                              Show bridge IP and attached interfaces:<\/strong><\/p>\n\n\n
                              ip addr show docker0\nbridge link show dev docker0\n<\/code><\/span><\/pre>\n\n\n
                              \n\n\n\n
                              5. Checking Network Connections<\/strong><\/h2>\n\n\n\n
                              On the Host or in Container:<\/strong><\/p>\n\n\n
                              ss -tulnp                   # Lists open ports and listening sockets<\/span>\nnetstat -tulnp              # Same, legacy (needs 'net-tools')<\/span>\nlsof -i                     # Shows open files and network sockets<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Test connectivity:<\/strong><\/p>\n\n\n
                              ping <IP<\/span>><\/span>\ntraceroute <IP<\/span>><\/span>             # May need to install\ncurl <URL<\/span>><\/span>                  # Test HTTP\/S\nnc -vz <IP<\/span>><\/span> <port<\/span>><\/span>          # Test TCP port (nc = netcat)\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Inside a container:<\/strong><\/p>\n\n\n
                              docker<\/span> exec<\/span> -it<\/span> <container-name<\/span>> ping<\/span> 8.8<\/span>.8<\/span>.8<\/span>\ndocker<\/span> exec<\/span> -it<\/span> <container-name<\/span>> curl<\/span> ifconfig<\/span>.me<\/span>\n<\/code><\/span>Code language:<\/span> CSS<\/span> (<\/span>css<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              6. Docker Networking on the Host<\/strong><\/h2>\n\n\n\n
                              Show Docker networks:<\/strong><\/p>\n\n\n
                              docker network ls\ndocker network inspect <network<\/span>><\/span>\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Show firewall\/NAT rules (how Docker handles IP forwarding):<\/strong><\/p>\n\n\n
                              sudo iptables -t nat -L -n -v | grep DOCKER\nsudo iptables -L -n -v | grep DOCKER\n<\/code><\/span><\/pre>\n\n\n
                              \n\n\n\n
                              7. Observing Container MAC\/IP Addresses<\/strong><\/h2>\n\n\n\n
                              Get container\u2019s IP\/MAC from Docker:<\/strong><\/p>\n\n\n
                              docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container<\/span>><\/span>\ndocker inspect -f '{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' <container<\/span>><\/span>\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              8. DNS Inside Docker<\/strong><\/h2>\n\n\n\n
                              Check \/etc\/resolv.conf<\/code> in a container:<\/strong><\/p>\n\n\n
                              docker exec -it <container<\/span>><\/span> cat \/etc\/resolv.conf\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n
                              Docker usually provides its own embedded DNS server to containers.<\/p>\n<\/blockquote>\n\n\n\n
                              \n\n\n\n
                              9. Examining Network Traffic (Advanced)<\/strong><\/h2>\n\n\n\n
                              Packet capture on docker0 bridge:<\/strong><\/p>\n\n\n
                              sudo tcpdump -i docker0\nsudo tcpdump -i any port 80\n<\/code><\/span><\/pre>\n\n\n
                              In a container:<\/strong><\/p>\n\n\n
                              docker exec -it <container<\/span>><\/span> apt update\ndocker exec -it <container<\/span>><\/span> apt install tcpdump -y\ndocker exec -it <container<\/span>><\/span> tcpdump -i eth0\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
                              \n\n\n\n
                              10. Example: Full Lab to Explore Docker Networking Internals<\/strong><\/h2>\n\n\n\n
                              Step 1: Start a container and note its details<\/strong><\/h3>\n\n\n
                              docker run -itd --name nettest ubuntu\ndocker inspect nettest | grep -A 5<\/span> \"Networks\"<\/span>\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Step 2: Find container\u2019s PID and veth pair<\/strong><\/h3>\n\n\n
                              CONTAINER_ID=$(docker ps -qf \"name=nettest\"<\/span>)\nPID=$(docker inspect --format '{{.State.Pid}}'<\/span> $CONTAINER_ID)\nls -l \/proc\/$PID\/ns\/net    # Shows network namespace link<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                              Step 3: Map veth pair<\/strong><\/h3>\n\n\n\n
                                \n
                              1. On the host: ip link | grep veth<\/code><\/li>\n\n\n\n
                              2. Use ethtool<\/code> to find which veth peer connects to which container (install with apt install ethtool<\/code>): ethtool -S vethXXXXX # Find statistics, may show peer info<\/code><\/li>\n<\/ol>\n\n\n\n
                                Step 4: Check bridge<\/strong><\/h3>\n\n\n
                                brctl show\n<\/code><\/span><\/pre>\n\n\n
                                Step 5: Explore namespace with nsenter<\/strong><\/h3>\n\n\n
                                sudo nsenter -t $PID -n ip a\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
                                \n\n\n\n
                                11. Useful Tools to Install on Ubuntu for Networking Labs<\/strong><\/h2>\n\n\n
                                sudo apt update\nsudo apt install iproute2 net-tools bridge-utils tcpdump ethtool lsof traceroute iputils-ping dnsutils curl netcat\n<\/code><\/span><\/pre>\n\n\n
                                \n\n\n\n
                                Summary Table of Commands<\/strong><\/h1>\n\n\n\n
                                Purpose<\/th>Host Command<\/th>Container Command (with docker exec)<\/th><\/tr><\/thead>
                                List interfaces<\/td>ip a \/ ifconfig -a<\/td>ip a \/ ifconfig -a<\/td><\/tr>
                                Routing table<\/td>ip route \/ route -n<\/td>ip route \/ route -n<\/td><\/tr>
                                Network namespaces<\/td>nsenter -t -n ip a<\/td>(direct, already inside namespace)<\/td><\/tr>
                                List bridges<\/td>brctl show<\/td>(usually N\/A)<\/td><\/tr>
                                Docker bridge status<\/td>ip addr show docker0<\/td>(N\/A)<\/td><\/tr>
                                veth info<\/td>ip link \/ ip -d link \/ ethtool<\/td>(N\/A)<\/td><\/tr>
                                Open ports<\/td>ss -tulnp \/ netstat -tulnp<\/td>ss -tulnp \/ netstat -tulnp<\/td><\/tr>
                                Test connectivity<\/td>ping, curl, nc, traceroute<\/td>ping, curl, nc, traceroute<\/td><\/tr>
                                DNS check<\/td>cat \/etc\/resolv.conf<\/td>docker exec cat \/etc\/resolv.conf<\/td><\/tr>
                                Packet capture<\/td>tcpdump -i docker0 \/ tcpdump -i any port<\/td>tcpdump -i eth0<\/td><\/tr>
                                Docker inspect<\/td>docker inspect, docker network inspect<\/td>(N\/A)<\/td><\/tr>
                                IP\/MAC from inspect<\/td>docker inspect -f …<\/td>(N\/A)<\/td><\/tr>
                                Firewall\/NAT rules<\/td>iptables -t nat -L<\/td>grep DOCKER<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
                                \n\n\n\n
                                End-to-End Lab Workflow Example<\/strong><\/h1>\n\n\n\n
                                  \n
                                1. Create a bridge network<\/strong> docker network create mynet<\/code><\/li>\n\n\n\n
                                2. Start two Ubuntu containers<\/strong> docker run -itd --name box1 --net=mynet ubuntu docker run -itd --name box2 --net=mynet ubuntu<\/code><\/li>\n\n\n\n
                                3. Check networking from host<\/strong> docker network inspect mynet ip a # look for new veth interfaces brctl show<\/code><\/li>\n\n\n\n
                                4. Check networking from inside containers<\/strong> docker exec -it box1 ip a docker exec -it box2 ip a<\/code><\/li>\n\n\n\n
                                5. Test connectivity<\/strong> docker exec -it box1 apt update docker exec -it box1 apt install iputils-ping -y docker exec -it box1 ping <IP-of-box2><\/code><\/li>\n\n\n\n
                                6. Trace the connection (from host)<\/strong> sudo tcpdump -i docker0<\/code><\/li>\n<\/ol>\n\n\n\n
                                  \n\n\n\n
                                  Extra: How Docker Networking Actually Works (Flow Summary)<\/strong><\/h2>\n\n\n\n
                                    \n
                                  1. Docker creates a docker0<\/code> bridge on the host.<\/li>\n\n\n\n
                                  2. When you run a container, Docker:\n
                                      \n
                                    • Creates a network namespace for the container.<\/li>\n\n\n\n
                                    • Creates a veth pair: one end in host namespace, other in container as eth0<\/code>.<\/li>\n\n\n\n
                                    • Connects host end of veth to docker0<\/code> bridge.<\/li>\n\n\n\n
                                    • Assigns container an IP from the bridge subnet.<\/li>\n\n\n\n
                                    • Sets up NAT\/iptables rules for outbound access.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
                                      \n\n\n\n
                                      <\/p>\n\n\n\n
                                      <\/p>\n\n\n\n