Inspecting docker activity with socat
We can’t directly sniff the traffic on the Docker socket (/var/run/docker.sock), as we don’t really control this socket.
We first create a fake unix socket, say ‘/tmp/socatproxy.sock’, and relay all its traffic to /var/run/docker.sock:
$ socat -v UNIX-LISTEN:/tmp/socatproxy.sock,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock &
In this way, regular interactions remain undisturbed, but the redirect allows socat to inspect traffic.
-v : writes the traffic to stderr as text in addition to relaying it. Some conversions are made for the sake of readability, so if certain sequences aren’t being interpreted properly, one could try -x (hex).
UNIX-LISTEN : listen for connections on the unix socket (in our case, /tmp/socatproxy.sock)
fork : create a separate subprocess for handling new connections so the main process may continue listening
UNIX-CONNECT : connect to the specified unix socket (In our case, /var/run/docker.sock)
To list all containers with Docker through the proxy socket:
$ docker -H unix:///tmp/socatproxy.sock ps -a
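Once the proxy is running, the stderr text that -v produces can be reduced to a list of Docker API calls. The following is an added example, not part of the original post: api_calls is a hypothetical helper, the sample capture is constructed, and the chunk header layout ("> timestamp  length=N from=A to=B") is assumed from typical socat -v output. Because of fork, several connections can interleave in one capture, so pairing each response with the oldest unanswered request is best-effort.

```python
import re
from urllib.parse import urlsplit

# Chunk header printed by socat -v (assumed layout): direction, timestamp, byte range.
HEADER = re.compile(r"^([<>]) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+length=\d+ from=\d+ to=\d+")
REQUEST = re.compile(r"^(GET|HEAD|POST|PUT|DELETE) (\S+) HTTP/1\.[01]$")
STATUS = re.compile(r"^HTTP/1\.[01] (\d{3})")
API_VERSION = re.compile(r"^/v\d+\.\d+(?=/)")  # optional /v1.NN prefix on Docker API paths

def api_calls(capture):
    """Summarise the HTTP requests in a socat -v capture, oldest first."""
    calls, direction, stamp = [], None, None
    for line in capture.splitlines():
        line = line.rstrip("\r")
        if line.endswith("\\r"):      # -v renders a carriage return as the text \r
            line = line[:-2]
        header = HEADER.match(line)
        if header:
            direction, stamp = header.groups()
        elif direction == ">" and (req := REQUEST.match(line)):
            url = urlsplit(req.group(2))
            calls.append({"time": stamp, "method": req.group(1),
                          "path": API_VERSION.sub("", url.path), "query": url.query,
                          "mutating": req.group(1) not in ("GET", "HEAD"), "status": None})
        elif direction == "<" and (resp := STATUS.match(line)):
            pending = next((c for c in calls if c["status"] is None), None)
            if pending:               # oldest unanswered request gets this status
                pending["status"] = int(resp.group(1))
    return calls

# Constructed sample capture (not real output; lengths and timestamps are made up).
SAMPLE = r"""> 2024/05/01 10:15:02.104233  length=81 from=0 to=80
HEAD /_ping HTTP/1.1\r
\r
< 2024/05/01 10:15:02.105010  length=60 from=0 to=59
HTTP/1.1 200 OK\r
\r
> 2024/05/01 10:15:02.106544  length=96 from=81 to=176
GET /v1.43/containers/json?all=1 HTTP/1.1\r
\r
< 2024/05/01 10:15:02.109871  length=75 from=60 to=134
HTTP/1.1 200 OK\r
\r
[]
"""

if __name__ == "__main__":
    for call in api_calls(SAMPLE):
        print(call["time"], call["method"], call["path"], call["query"], call["status"])
```

The "mutating" flag marks any request other than GET or HEAD, which is a quick way to separate read-only queries from calls that change daemon state when reviewing a capture.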