creating_containers

Creating Docker Images and Containers

This guide walks through the process of creating Docker images using a Dockerfile, tagging images, pushing them to a Docker registry, and running containers from these images.

1. Building a `tcpdump` Image

This example shows how to create a simple Docker image that includes the tcpdump utility.

1.1 Create Dockerfile

Create a separate directory for your project:
```
mkdir my-tcpdump-image
cd my-tcpdump-image
```

Create the Dockerfile: Create a file named Dockerfile (no extension) in this directory with the following content:

FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump && rm -rf /var/lib/apt/lists/*
# Default command. Can be overridden during 'docker run'.
# Using -n to disable name resolution, -l for line-buffered output (good for pipes),
# and -A to print ASCII. Adjust eth0 if needed.
CMD ["tcpdump", "-i", "eth0", "-n", "-l", "-A"]

(Added rm -rf /var/lib/apt/lists/* to reduce image size. Changed CMD to JSON format and added common flags.)

1.2 Build the Image

Now, build the Docker image from your Dockerfile.

# Build and tag as 'tcpdump' (latest)
docker image build -t tcpdump .
# Build and tag with a specific version, e.g., 'tcpdump:v1'
docker image build -t tcpdump:v1 .

(Corrected "Let's built" to "Let's build" implicitly by new heading.)

1.3 Verify Image Creation

List your local Docker images to see the newly created ones:

docker image ls

1.4 Alternative: Building from STDIN (Quick Way)

You can also build an image by piping a Dockerfile content directly to docker image build using a hyphen (-) as the path.

docker image build -t tcpdump:v2 - <<EOF
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump && rm -rf /var/lib/apt/lists/*
CMD ["tcpdump", "-i", "eth0", "-n", "-l", "-A"]
EOF

2. Pushing an Image to a Registry

To share your image or use it on other machines, you can push it to a Docker registry like Docker Hub.

Log in to Docker Hub (or your private registry):

# Replace <docker_username> with your Docker Hub username
docker login -u <docker_username>

Tag the image: Before pushing, you need to tag your image with the registry username and repository name. For example, to push tcpdump:v1 to Docker Hub under username xxradar:
```
docker tag tcpdump:v1 xxradar/tcpdump:v1
```
Push the image:
```
docker push xxradar/tcpdump:v1
```

3. Running the `tcpdump` Container

Test the image you pushed (or the local one if you didn't push).

# This will use the CMD specified in the Dockerfile.
# You might need --cap-add=NET_ADMIN --cap-add=NET_RAW or --privileged for tcpdump to work,
# and potentially --network=host or attach to another container's network.
docker run -it --rm xxradar/tcpdump:v1
# Example with more permissions and specific interface:
# docker run -it --rm --cap-add=NET_ADMIN --cap-add=NET_RAW xxradar/tcpdump:v1 -i eth0

(Added --rm for auto-cleanup and a note about necessary capabilities for tcpdump.)

4. Building a "Hacking" Container (`hackon:v1`)

This example creates a more comprehensive image with various networking and utility tools.

4.1 Create Dockerfile

Create a new directory and Dockerfile: (e.g., mkdir my-hackon-image; cd my-hackon-image) Create a Dockerfile with the following content:

FROM ubuntu:18.04
# MAINTAINER is deprecated, use LABEL instead
LABEL maintainer="Philippe Bogaerts <[email protected]>"

# Combine RUN instructions to reduce layers and image size
# Also, clean up apt cache in the same layer
RUN apt-get update && \
    apt-get install -y \
    iputils-ping \
    nmap \
    siege \
    apache2-utils \
    dnsutils \
    curl \
    openssl \
    wget \
    iproute2 \
    netcat && \
    rm -rf /var/lib/apt/lists/*

CMD ["echo", "My hacking container is ready! Use 'docker run -it <imagename> bash' for an interactive shell."]

(Corrected "xxadar" to "xxradar". Replaced MAINTAINER with LABEL. Combined RUN apt-get install commands into one layer and added apt cache cleanup. Modified CMD to be more informative.)

4.2 Build and Push the Image

Build the image:

# In the directory containing the Dockerfile for hackon
docker image build -t hackon:v1 .
# Optionally, tag with your Docker Hub username, e.g., xxradar/hackon:v1
# docker tag hackon:v1 xxradar/hackon:v1

Push the image (Optional): If you tagged it with your username, you can push it:
```
# docker login -u <your_docker_username>
# docker push xxradar/hackon:v1
```
(Made build/push steps more explicit.)

4.3 Test Your New Container

Run the container with its default CMD:
```
docker run --rm hackon:v1
```
This will output: "My hacking container is ready! Use 'docker run -it bash' for an interactive shell."
Try to run a command (e.g., curl):
```
docker run --rm hackon:v1 curl 'http://www.brucon.org'
```
What's happening? This command fails to execute curl as intended because curl 'http://www.brucon.org' is passed as arguments to the image's CMD (which is echo ...). The echo command simply prints these arguments.
Correct way to run a command (override CMD or use bash): To run a specific command like curl, you provide it after the image name, which overrides the Dockerfile's CMD:
```
docker run --rm hackon:v1 curl 'http://www.brucon.org'
```
Or, for an interactive shell:
```
docker run -it --rm hackon:v1 bash
```
(Clarified "What's happening?" and the solution.)

4.4 More Ways to Interact with Containers ("Some tricks")

List running containers:
```
docker ps
```

Get an interactive shell in a new container: The container runs, you get a shell, and it's removed when you exit.

docker run -it --rm hackon:v1 bash
# Example commands inside the container:
# ping google.com
# nmap -sT localhost
# exit

Run a container in the background and exec into it:

# Run a container named 'hackon' in detached mode, sleeping for 300 seconds
docker run --name hackon-bg --rm -d hackon:v1 sleep 300
# List running containers to see 'hackon-bg'
docker ps
# Execute 'bash' in the running 'hackon-bg' container
docker exec -it hackon-bg bash
# From another terminal, execute 'ls' in 'hackon-bg'
docker exec -it hackon-bg ls
# Clean up when done
# docker stop hackon-bg (it will be removed due to --rm after sleep finishes or if stopped)

(Used a different name hackon-bg to avoid conflict with previous examples if any were not cleaned up. Added -d for detached. Clarified cleanup.)

Pipe input to a container:
```
echo "Hello from host" | docker run -i --rm hackon:v1 cat -
```
(Added --rm and - for cat to read from stdin.)

Home

Previouscontainer_networking Nextdocker-bench

Last updated 6 months ago