This guide walks through the process of creating Docker images using a Dockerfile, tagging images, pushing them to a Docker registry, and running containers from these images.
1. Building a tcpdump Image
This example shows how to create a simple Docker image that includes the tcpdump utility.
1.1 Create Dockerfile
Create a separate directory for your project:
mkdir my-tcpdump-image
cd my-tcpdump-image
Create the Dockerfile:
Create a file named Dockerfile (no extension) in this directory with the following content:
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump && rm -rf /var/lib/apt/lists/*
# Default command. Can be overridden during 'docker run'.
# Using -n to disable name resolution, -l for line-buffered output (good for pipes),
# and -A to print ASCII. Adjust eth0 if needed.
CMD ["tcpdump", "-i", "eth0", "-n", "-l", "-A"]
The rm -rf /var/lib/apt/lists/* step removes the apt package lists in the same layer to reduce image size, and CMD is written in JSON format with commonly used flags.
1.2 Build the Image
Now, build the Docker image from your Dockerfile.
1.3 Verify Image Creation
List your local Docker images to see the newly created ones:
1.4 Alternative: Building from STDIN (Quick Way)
You can also build an image by piping the Dockerfile content directly to docker image build, using a hyphen (-) as the path.
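The STDIN build described above, combined with a check of the hygiene points from section 1.1 (apt cache cleanup in the same layer, JSON-form CMD) and the deprecated MAINTAINER instruction. This is an added example, not part of the original guide; the function names, the DOCKER override variable and the tcpdump:stdin tag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): lint Dockerfile text, then build from STDIN.
DOCKER=${DOCKER:-docker}   # assumption: override hook so the build step can be stubbed

# Constructed sample input: the tcpdump Dockerfile from section 1.1.
tcpdump_dockerfile() {
cat <<'EOF'
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump && rm -rf /var/lib/apt/lists/*
CMD ["tcpdump", "-i", "eth0", "-n", "-l", "-A"]
EOF
}

# Read a Dockerfile on stdin; print one "lint: ..." line per finding, exit 1 if any.
lint_dockerfile() {
  awk '
    # Join backslash-continued lines so a multi-line RUN is judged as one layer.
    buf != "" && /^[ \t]*#/ { next }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
    { line = buf $0; buf = ""; check(line) }
    END { if (buf != "") check(buf); exit bad + 0 }
    function report(msg) { print "lint: " msg; bad = 1 }
    function check(l,   instr) {
      if (l ~ /^[ \t]*#/ || l ~ /^[ \t]*$/) return
      instr = toupper(l); sub(/^[ \t]+/, "", instr); sub(/[ \t].*/, "", instr)
      if (instr == "MAINTAINER") report("MAINTAINER is deprecated; use LABEL")
      if (instr == "CMD" && l !~ /^[ \t]*[A-Za-z]+[ \t]+\[/)
        report("CMD is not in JSON (exec) form")
      if (instr == "RUN" && l ~ /apt-get[ \t]+(-[^ \t]+[ \t]+)*install/ &&
          l !~ /rm[ \t]+-rf[ \t]+\/var\/lib\/apt\/lists/)
        report("apt-get install without apt cache cleanup in the same layer")
    }
  '
}

# "-" as the path makes docker read the Dockerfile from STDIN. No build context
# is sent, so COPY/ADD of local files cannot work in an image built this way.
build_from_stdin() {   # usage: <Dockerfile text> | build_from_stdin <tag>
  df=$(cat) || return 1
  printf '%s\n' "$df" | lint_dockerfile >&2 || return 1
  printf '%s\n' "$df" | "$DOCKER" image build -t "$1" -
}

# Example: tcpdump_dockerfile | build_from_stdin tcpdump:stdin
```

Lint findings go to stderr and a non-zero lint result stops the function before docker is invoked.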
2. Pushing an Image to a Registry
To share your image or use it on other machines, you can push it to a Docker registry like Docker Hub.
Log in to Docker Hub (or your private registry):
Tag the image:
Before pushing, you need to tag your image with the registry username and repository name.
For example, to push tcpdump:v1 to Docker Hub under username xxradar:
Push the image:
3. Running the tcpdump Container
Test the image you pushed (or the local one if you didn't push).
The --rm flag removes the container automatically when it exits. Note that tcpdump may need additional capabilities to capture traffic.
4. Building a "Hacking" Container (hackon:v1)
This example creates a more comprehensive image with various networking and utility tools.
4.1 Create Dockerfile
Create a new directory and Dockerfile:
(e.g., mkdir my-hackon-image; cd my-hackon-image)
Create a Dockerfile with the following content:
This Dockerfile uses LABEL instead of the deprecated MAINTAINER, combines the apt-get install commands into a single RUN layer with apt cache cleanup, and uses a more informative CMD.
4.2 Build and Push the Image
Build the image:
Push the image (Optional):
If you tagged it with your username, you can push it:
4.3 Test Your New Container
Run the container with its default CMD:
This will output: "My hacking container is ready! Use 'docker run -it <imagename> bash' for an interactive shell."
Try to run a command (e.g., curl):
What's happening? This command fails to execute curl as intended because curl 'http://www.brucon.org' is passed as arguments to the image's CMD (which is echo ...). The echo command simply prints these arguments.
Correct way to run a command (override CMD or use bash):
To run a specific command like curl, you provide it after the image name, which overrides the Dockerfile's CMD:
Or, for an interactive shell:
4.4 More Ways to Interact with Containers ("Some tricks")
List running containers:
Get an interactive shell in a new container:
The container runs, you get a shell, and it's removed when you exit.
Run a container in the background and exec into it:
The container is named hackon-bg to avoid a conflict with earlier examples that were not cleaned up, and -d runs it detached.
# Build and tag as 'tcpdump' (latest)
docker image build -t tcpdump .
# Build and tag with a specific version, e.g., 'tcpdump:v1'
docker image build -t tcpdump:v1 .
# Replace <docker_username> with your Docker Hub username
docker login -u <docker_username>
docker tag tcpdump:v1 xxradar/tcpdump:v1
docker push xxradar/tcpdump:v1
# This will use the CMD specified in the Dockerfile.
# You might need --cap-add=NET_ADMIN --cap-add=NET_RAW or --privileged for tcpdump to work,
# and potentially --network=host or attach to another container's network.
# Prefer the two --cap-add flags: --privileged grants far more access than packet capture needs.
docker run -it --rm xxradar/tcpdump:v1
# Example with more permissions and specific interface:
# docker run -it --rm --cap-add=NET_ADMIN --cap-add=NET_RAW xxradar/tcpdump:v1 -i eth0
FROM ubuntu:18.04
# MAINTAINER is deprecated, use LABEL instead
LABEL maintainer="Philippe Bogaerts <[email protected]>"
# Combine RUN instructions to reduce layers and image size
# Also, clean up apt cache in the same layer
RUN apt-get update && \
    apt-get install -y \
        iputils-ping \
        nmap \
        siege \
        apache2-utils \
        dnsutils \
        curl \
        openssl \
        wget \
        iproute2 \
        netcat && \
    rm -rf /var/lib/apt/lists/*
CMD ["echo", "My hacking container is ready! Use 'docker run -it <imagename> bash' for an interactive shell."]
# In the directory containing the Dockerfile for hackon
docker image build -t hackon:v1 .
# Optionally, tag with your Docker Hub username, e.g., xxradar/hackon:v1
# docker tag hackon:v1 xxradar/hackon:v1
docker run --rm hackon:v1 curl 'http://www.brucon.org'
docker run --rm hackon:v1 curl 'http://www.brucon.org'
docker run -it --rm hackon:v1 bash
docker ps
docker run -it --rm hackon:v1 bash
# Example commands inside the container:
# ping google.com
# nmap -sT localhost
# exit
# Run a container named 'hackon-bg' in detached mode, sleeping for 300 seconds
docker run --name hackon-bg --rm -d hackon:v1 sleep 300
# List running containers to see 'hackon-bg'
docker ps
# Execute 'bash' in the running 'hackon-bg' container
docker exec -it hackon-bg bash
# From another terminal, execute 'ls' in 'hackon-bg'
docker exec -it hackon-bg ls
# Clean up when done
# docker stop hackon-bg (it will be removed due to --rm after sleep finishes or if stopped)
echo "Hello from host" | docker run -i --rm hackon:v1 cat -