Skip to content
/ spindump-docker Public

Run Spindump in a Docker container to monitor QUIC traffic from the host machine.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fxbrit/spindump-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
tools
tools
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

spindump-docker

Run Spindump in a Docker container to monitor QUIC traffic from the host machine.

Build

To build the Docker image clone this repository and move into it:

git clone https://github.com/fxbrit/spindump-docker.git
cd spindump-docker

Then enter:

docker build . -t fxbrit/spindump-docker

Pull

The image is available on Docker Hub so you can use:

docker pull fxbrit/spindump-docker

Run

⚠️ 🐧 the captures can only be performed on Linux hosts.

Once you built or pulled the image, create the source bind directory using:

mkdir spdmp-vol

Then start the container:

docker run -d --rm --net=host \
  -v "$(pwd)"/out:/out \
  --name quic-capture fxbrit/spindump-docker

The output will be a set of QUIC captures, stored in spdmp-vol/capture.json.

Options

By using ENV variables it is possible to customize captures. In particular:

  • INTERFACE: allows to specify the name of the host interface that we want to monitor. By default it will monitor all interfaces.
  • MAX_RECEIVE: allows to set a limit to the maximum number of packets in the capture. By default there is no limit.
  • FILTERS: allows to specify extra PCAP filters. Always use and at the start of a filter.

These variables are mapped to specific Spindump options.

Usage examples

If we want to monitor the interface wlp3s0 we can use:

docker run -d --rm --net=host \
  -v "$(pwd)"/out:/out \
  -e "INTERFACE=wlp3s0" \
  --name quic-capture fxbrit/spindump-docker

If we want to monitor traffic going to the network 142.250.0.0/16 via the interface wlp3s0 we can use:

docker run -d --rm --net=host \
  -v "$(pwd)"/out:/out \
  -e "INTERFACE=wlp3s0" \
  -e "FILTERS=and dst net 142.250.0.0/16" \
  --name quic-capture fxbrit/spindump-docker

If we want to monitor traffic going from the host 192.168.2.128 to the network 142.250.0.0/16 via the interface wlp3s0 we can use:

docker run -d --rm --net=host \
  -v "$(pwd)"/out:/out \
  -e "INTERFACE=wlp3s0" \
  -e "FILTERS=and src 192.168.2.128 and dst net 142.250.0.0/16" \
  --name quic-capture fxbrit/spindump-docker

Compose

Docker Compose can make deployment easier by allowing to specify ENV variables on file instead of entering complex commands. It also gives the option to create multiple pre-configurations that can be run with a single command:

docker compose up -d <service_name>

About

Run Spindump in a Docker container to monitor QUIC traffic from the host machine.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages