explaingit

nicolaka/netshoot

10,671ShellAudience · ops devopsComplexity · 3/5Setup · easy

TLDR

A ready-to-run container image packed with dozens of networking diagnostic tools so you can troubleshoot connectivity problems inside Docker or Kubernetes without modifying your running app containers.

Mindmap

mindmap
  root((netshoot))
    What it does
      Network debugging
      Container diagnostics
      No app modification
    Tools Included
      tcpdump tshark
      iperf nmap mtr
      dig curl netcat
    Use Cases
      Debug pod networking
      Capture traffic
      Test DNS and routes
    Platforms
      Docker
      Kubernetes
      Host network
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Attach netshoot to a running Kubernetes pod to run DNS lookups and packet captures from inside its network namespace

USE CASE 2

Measure network throughput between two containers using iperf without installing tools on your app images

USE CASE 3

Capture and inspect raw traffic on a container's network interface using tcpdump or tshark

USE CASE 4

Debug firewall rules by inspecting iptables from inside a container's network perspective

Tech stack

ShellDockerKubernetes

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

Netshoot is a container image packed with networking diagnostic tools, designed to help troubleshoot connectivity problems in Docker and Kubernetes environments. Rather than installing debugging utilities directly onto your running application containers or servers, you spin up a netshoot container temporarily, use it to investigate the problem, then discard it. The core idea relies on how Linux network namespaces work. Each Docker container and each Kubernetes pod has its own isolated network environment, but you can attach a running container to share that same network environment. This means netshoot can see exactly the same network interfaces, routes, and connections that your application container sees, letting you run tests from inside its perspective without modifying your application at all. The tool list included in the image covers most network debugging tasks: tcpdump for capturing raw traffic, iperf and iperf3 for measuring throughput between two points, nmap for port scanning, mtr for tracing routes and measuring latency, curl and httpie for testing HTTP endpoints, dig and drill for DNS lookups, iptables for inspecting firewall rules, netcat for testing raw connections, and several dozen more. Tools like tshark and termshark provide a terminal-based packet analysis experience. Scapy is there for crafting custom network packets when standard tools are not enough. With Kubernetes, you can attach netshoot as an ephemeral debug container to an already-running pod, spin it up as a standalone throwaway pod, or run it on a node's host network. A kubectl plugin called kubectl-netshoot wraps these patterns into shorter commands. In Docker, you launch it with --net container:name to share a specific container's network stack, or with --net host to inspect the machine's own network. Netshoot is maintained as a community project and is published as a public container image that can be pulled and used immediately with no installation beyond Docker or kubectl.

Copy-paste prompts

Prompt 1
Help me run netshoot as an ephemeral debug container on a Kubernetes pod named my-app to capture TCP traffic on port 8080 with tcpdump.
Prompt 2
Show me the Docker command to attach netshoot to a running container named api-server so I can run curl and dig tests from inside its network.
Prompt 3
I'm seeing intermittent DNS failures in my Kubernetes cluster, help me use netshoot to run dig queries to pinpoint where the failure is happening.
Prompt 4
Help me use iperf3 inside netshoot to measure throughput between two pods in different Kubernetes namespaces.
Open on GitHub → Explain another repo

← nicolaka on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.