2023-07-11 16:54:09 +02:00
|
|
|
services:
|
2024-10-04 19:42:02 +02:00
|
|
|
|
2023-07-11 16:54:09 +02:00
|
|
|
pcap-broker-remote-host:
|
|
|
|
|
image: pcap-broker:latest
|
2024-10-04 19:42:02 +02:00
|
|
|
container_name: pcap-broker-remote-host
|
2023-07-11 16:54:09 +02:00
|
|
|
restart: always
|
|
|
|
|
volumes:
|
2024-10-04 19:42:02 +02:00
|
|
|
# Mount the private key into container that wil be used for SSH
|
|
|
|
|
# Ensure that on the `remote-host` the public key is in the /root/.ssh/authorized_keys file.
|
2023-07-11 16:54:09 +02:00
|
|
|
- ~/.ssh/id_ed25519:/root/.ssh/id_ed25519:ro
|
|
|
|
|
environment:
|
2024-10-04 19:42:02 +02:00
|
|
|
# Command that will be executed by pcap-broker to read PCAP data.
|
|
|
|
|
# Which is to SSH into `remote-host` and run tcpdump on eth0 and write PCAP data to stdout.
|
|
|
|
|
# The `not port 22` BPF is necessary to avoid any traffic loops as the PCAP data is transferred over SSH.
|
|
|
|
|
PCAP_COMMAND: |-
|
|
|
|
|
ssh root@remote-host -oStrictHostKeyChecking=no
|
|
|
|
|
tcpdump -U --immediate-mode -ni eth0 -s 65535 -w - not port 22
|
|
|
|
|
|
|
|
|
|
# Bind on 0.0.0.0 port 4242. From within the same Docker network you can reach it using the `container_name`
|
|
|
|
|
# For example in another Docker service you can reach this pcap-broker using `pcap-broker-remote-host:4242`
|
2023-07-11 16:54:09 +02:00
|
|
|
LISTEN_ADDRESS: "0.0.0.0:4242"
|
2024-10-04 19:42:02 +02:00
|
|
|
ports:
|
|
|
|
|
# This is optional, but makes the PCAP-over-IP port also available locally on the Docker host on port 4200.
|
|
|
|
|
# Handy for debugging, for example: `nc -v localhost 4200 | tcpdump -nr -`
|
|
|
|
|
- 127.0.0.1:4200:4242
|
