Where is this connection coming from?

Do you have a lot of docker containers and want to know which one of them is causing connections to a particular ip address? Then fear no more! I found this beauty right here.

#!/bin/bash

    # This script lists all running Docker containers, enters each container's
    # network namespace, and counts how many network connections exist to a
    # specific remote server IP address.
    # The output shows each container name with its connection count.
    # Stolen from https://serverfault.com/questions/1193514/how-can-i-find-which-docker-containers-are-making-the-most-network-connections-t

    # DEFINE REMOTE IP HERE
    REMOTE_SERVER_IP=$1

    # Get all container PIDs and check their network namespaces
    docker ps -q | xargs -I {} docker inspect -f '{{.State.Pid}} {{.Name}}' {} | while read pid name; do
        echo "=== Container: $name (PID: $pid) ==="
        nsenter -t $pid -n netstat -anp 2>/dev/null | grep "$REMOTE_SERVER_IP" | wc -l
    done | paste - -

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *