Notice: This post is more than a year old. Some of the content might be outdated.

The Network Multitool image

Scratching the container networking itch

What to do when you need more than just ping to reach a container.

The itch

We know that the idea behind a Docker container is that it should have just enough software to run a particular process or service. For example a web server, Java application server or database server.

Images are designed to be very minimalistic and lean in nature. If a container should only run a single process all its life, why bother filling it up with unused software? Great! But because they are lean, they can also be difficult to troubleshoot.

I have many times needed more than just ping to reach a container running on a particular host on a particular container network.

Recently I was working on a Kubernetes cluster with service names set up using the SkyDNS addon. But I was not able to resolve the service names. I had nginx running as a container and being minimalistic by nature, it had no tools inside it except ping. I installed nslookup with the usual apt-get update and apt-get install dnsutils. But it was still not giving me enough information about name resolution. I was not until I installed dig that I figured out what was going on. It took me many container starts and apt-get commands before things got clear.

It was a nasty itch and I needed a solution.

The solution

Being a big fan and user of multitools, such as the Leatherman Wave that I carry with me as EDC, I wanted a container image with all the necessary tools installed in it. One I could use at will, without getting into the apt-get mess. I also wanted the image to run as a standard pod, so I could achieve two things:

  • I would always have a web service to test my connections
  • I would just docker exec bash into it and not have to remember complex kubectl commands to run it in interactive mode

I went ahead and created praqma/network-multitool. I am a Red Hat fan so I based my image on centos:7 . Initially I had Apache as web server, but later I replaced it with nginx - it is very light weight and fast.

Example usage

The image can be used in any container environment. Here are a few examples of how you can use it.

On a Docker host


[kamran@kworkhorse ~]$ docker run --rm -it praqma/network-multitool bash

[root@92288413e051 /]# nslookup

Non-authoritative answer:

[root@92288413e051 /]#


[kamran@kworkhorse ~]$ docker run -P -d  praqma/network-multitool
[kamran@kworkhorse ~]$ docker ps
CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS              PORTS                                           NAMES
a76d156c674f        praqma/network-multitool   "/"   31 seconds ago      Up 30 seconds>80/tcp,>443/tcp   silly_franklin
[kamran@kworkhorse ~]$ docker exec -it silly_franklin bash

[root@a76d156c674f /]# curl -I
HTTP/1.1 301 Redirect
Date: Sun, 16 Apr 2017 16:09:20 GMT
Via: https/1.1 (ApacheTrafficServer)
Server: ATS
Content-Type: text/html
Content-Language: en
Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Length: 304

[root@a76d156c674f /]#

In a Kubernetes cluster

First run the container image as a deployment:

[kamran@kworkhorse ~]$ kubectl run multitool --image=praqma/network-multitool
deployment "multitool" created
[kamran@kworkhorse ~]$

Then find the pod name and connect to it in interactive mode:

[kamran@kworkhorse ~]$ kubectl get pods
NAME                                  READY     STATUS    RESTARTS   AGE
multitool-2814616439-hd8p6            1/1       Running   0          1m
[kamran@kworkhorse ~]$ kubectl exec -it multitool-2814616439-hd8p6 bash

[root@multitool-2814616439-hd8p6 /]# traceroute
traceroute to (, 30 hops max, 60 byte packets
 1  gateway (  0.044 ms  0.014 ms  0.009 ms
 2 (  0.716 ms  0.701 ms  0.896 ms
[root@multitool-2814616439-hd8p6 /]# exit
[kamran@kworkhorse ~]$


Creating this network multitool image has completely soothed my itch. Now I use it to solve all sorts of problems. Packet capture, telnet, traceroute, mtr, dig, netstat, curl - you name it! I hope you will enjoy using this multitool as much as we do at Praqma.

Author: Muhammad Kamran Azeem

Read more about Muhammad

Related Stories

Related Stories


Developing Embedded Software with DevOps

A guide on how to improve development processes

How to visualize project health in Jira

Tips to improve project management in the Atlassian suite

Testing Kubernetes Deployments within CI Pipelines

Low overhead, on-demand Kubernetes clusters deployed on CI Workers Nodes with KIND