Finding available network resources inside your container

Sometimes you may have trouble connecting to a networked resource in your container, such as database images connected as service containers. A simple way to discover the available connections within your container is to use nmap. Specifically the command nmap -v -A localhost

 When you run this command it will scan available ports to see which ones are open, and sometimes provide useful information about the service behind it. In the example below nmap has found an instance of MySQL running on port 3306 while also providing some information about the instance. It has also found a service running on port 5432 and correctly guessed that it's an instance of Postgres running. 

It is not installed by default so you'll need to install it first before running it in your config

 

config.yml

- run: sudo apt install nmap -y
- run: nmap -v -A localhost

 

Output

#!/bin/bash -eo pipefail
nmap -v -A localhost

Starting Nmap 6.47 ( http://nmap.org ) at 2017-10-04 18:19 UTC
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 18:19
Scanning localhost (127.0.0.1) [2 ports]
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 18:19 (0:00:00 remaining)
Completed Ping Scan at 18:19, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 18:19
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 5432/tcp on 127.0.0.1
Completed Connect Scan at 18:19, 0.02s elapsed (1000 total ports)
Initiating Service scan at 18:19
Scanning 2 services on localhost (127.0.0.1)
Completed Service scan at 18:19, 6.02s elapsed (2 services on 1 host)
NSE: Script scanning 127.0.0.1.
Initiating NSE at 18:19
Completed NSE at 18:19, 0.01s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00034s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 998 closed ports
PORT     STATE SERVICE     VERSION
3306/tcp open  mysql       MySQL 5.7.18
| mysql-info: 
|   Protocol: 53
|   Version: .7.18
|   Thread ID: 5
|   Capabilities flags: 65535
|   Some Capabilities: SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsCompression, Support41Auth, SwitchToSSLAfterHandshake, FoundRows, LongPassword, LongColumnFlag, IgnoreSigpipes, SupportsTransactions, InteractiveClient, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, ODBCClient, ConnectWithDatabase
|   Status: Autocommit
|_  Salt: W\x1Ff&}Wzg/\x02BrhX\x1E\x1Cm+\x1F!
5432/tcp open  postgresql?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port5432-TCP:V=6.47%I=7%D=10/4%Time=59D5261D%P=x86_64-pc-linux-gnu%r(SM
SF:BProgNeg,8C,"E\0\0\0\x8bSFATAL\0VFATAL\0C0A000\0Munsupported\x20fronten
SF:d\x20protocol\x2065363\.19778:\x20server\x20supports\x201\.0\x20to\x203
SF:\.0\0Fpostmaster\.c\0L2031\0RProcessStartupPacket\0\0")%r(Kerberos,8C,"
SF:E\0\0\0\x8bSFATAL\0VFATAL\0C0A000\0Munsupported\x20frontend\x20protocol
SF:\x2027265\.28208:\x20server\x20supports\x201\.0\x20to\x203\.0\0Fpostmas
SF:ter\.c\0L2031\0RProcessStartupPacket\0\0");

NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.28 seconds
Was this article helpful?
0 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.