Notice: This post is more than a year old. Some of the content might be outdated.

The Network Multitool image

Scratching the container networking itch

What to do when you need more than just ping to reach a container.

The itch

We know that the idea behind a Docker container is that it should have just enough software to run a particular process or service. For example a web server, Java application server or database server.

Images are designed to be very minimalistic and lean in nature. If a container should only run a single process all its life, why bother filling it up with unused software? Great! But because they are lean, they can also be difficult to troubleshoot.

I have many times needed more than just ping to reach a container running on a particular host on a particular container network.

Recently I was working on a Kubernetes cluster with service names set up using the SkyDNS addon. But I was not able to resolve the service names. I had nginx running as a container and being minimalistic by nature, it had no tools inside it except ping. I installed nslookup with the usual apt-get update and apt-get install dnsutils. But it was still not giving me enough information about name resolution. I was not until I installed dig that I figured out what was going on. It took me many container starts and apt-get commands before things got clear.

It was a nasty itch and I needed a solution.

The solution

Being a big fan and user of multitools, such as the Leatherman Wave that I carry with me as EDC, I wanted a container image with all the necessary tools installed in it. One I could use at will, without getting into the apt-get mess. I also wanted the image to run as a standard pod, so I could achieve two things:

  • I would always have a web service to test my connections
  • I would just docker exec bash into it and not have to remember complex kubectl commands to run it in interactive mode

I went ahead and created praqma/network-multitool. I am a Red Hat fan so I based my image on centos:7 . Initially I had Apache as web server, but later I replaced it with nginx - it is very light weight and fast.

Example usage

The image can be used in any container environment. Here are a few examples of how you can use it.

On a Docker host


[kamran@kworkhorse ~]$ docker run --rm -it praqma/network-multitool bash

[root@92288413e051 /]# nslookup

Non-authoritative answer:

[root@92288413e051 /]#


[kamran@kworkhorse ~]$ docker run -P -d  praqma/network-multitool
[kamran@kworkhorse ~]$ docker ps
CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS              PORTS                                           NAMES
a76d156c674f        praqma/network-multitool   "/"   31 seconds ago      Up 30 seconds>80/tcp,>443/tcp   silly_franklin
[kamran@kworkhorse ~]$ docker exec -it silly_franklin bash

[root@a76d156c674f /]# curl -I
HTTP/1.1 301 Redirect
Date: Sun, 16 Apr 2017 16:09:20 GMT
Via: https/1.1 (ApacheTrafficServer)
Server: ATS
Content-Type: text/html
Content-Language: en
Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Length: 304

[root@a76d156c674f /]#

In a Kubernetes cluster

First run the container image as a deployment:

[kamran@kworkhorse ~]$ kubectl run multitool --image=praqma/network-multitool
deployment "multitool" created
[kamran@kworkhorse ~]$

Then find the pod name and connect to it in interactive mode:

[kamran@kworkhorse ~]$ kubectl get pods
NAME                                  READY     STATUS    RESTARTS   AGE
multitool-2814616439-hd8p6            1/1       Running   0          1m
[kamran@kworkhorse ~]$ kubectl exec -it multitool-2814616439-hd8p6 bash

[root@multitool-2814616439-hd8p6 /]# traceroute
traceroute to (, 30 hops max, 60 byte packets
 1  gateway (  0.044 ms  0.014 ms  0.009 ms
 2 (  0.716 ms  0.701 ms  0.896 ms
[root@multitool-2814616439-hd8p6 /]# exit
[kamran@kworkhorse ~]$


Creating this network multitool image has completely soothed my itch. Now I use it to solve all sorts of problems. Packet capture, telnet, traceroute, mtr, dig, netstat, curl - you name it! I hope you will enjoy using this multitool as much as we do at Praqma.

Author: Muhammad Kamran Azeem

Read more about Muhammad

Related Stories

Related Stories


Developing Embedded Software with DevOps

A guide on how to improve development processes

Developing Embedded Software with DevOps

A guide on how to improve development processes

Triggering Jenkins pipelines on Artifactory events

A super easy configuration guide