Docker nmap one container from inside another?

Question

I'm trying to understand inter-container communication with Docker.

I have a two containers.

Container A has an exposed port which is reachable on localhost:777.

So if I use nmap -p 777 localhost I can see that the port is open.

I enter container B:

docker exec -it containerB bash

From within Container B is it possible for me to use the same nmap command from above to see if port 777 on Container A is open?

score 1 · Answer 1 · answered Apr 24 '17 at 20:59

No this would not be possible without the --network="container:containerA" arg.

Normally the containers don't share the same network stack. That allows that the same port can be used in multiple containers, but each container has its own localhost.

With the --network="container:<container>" arg containerB will share the network stack, so you can use localhost to access the port 777 of containerA.

What you can do without the network arg, and how you should communicate with another container, is to create a network and put both containers in the network (or use links). Then you can access the other container over its name like nmap -p 777 containerA

I'm just about to leave for the day. I'm going to test first thing tomorrow morning and then mark correct. Thanks! — Philip Kirkbride, Apr 24 '17 at 21:00

score 0 · Accepted Answer · edited May 23 '17 at 11:46

0

I was able to do this based on information found here.

From Docker host:

sudo ip addr show docker0

Take note of docker0 ip address, in my case 172.17.0.1. Then go into container B with:

docker exec -it <container> bash

Then:

nmap -p 777 172.17.0.1

edited May 23 '17 at 11:46

Community

1
1

answered Apr 25 '17 at 12:32

Philip Kirkbride

21,381
38
125
225

Docker nmap one container from inside another?

2 Answers2