ntop
Update Docker Hub Directions
What would you like to add or change?:
Recommend updating the Docker Hub directions to include information about running Docker on OSX and using it for one-time analysis of a packet capture.
Why do you and others need this?:
Some users will run Docker on OSX and will have issues with the --net=host option.
Some users will want to use the Docker version to analyze individual PCAP files.
Recommended change to Docker Hub verbiage:
Install & Run
This is the dev ntopng release. Please use ntopng for stable builds.
docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:stable -i eth0
Please replace eth0 with the host interface name from which you want to capture traffic.
For Docker on OSX, remove the --net=host option, as it is not supported.
Unless you use the community edition of ntopng, the -v $(pwd)/ntopng.license:/etc/ntopng.license is necessary to let ntopng running inside the container to recognize the license. For further information please read https://www.ntop.org/support/faq/license-inside-a-container/
One-Time PCAP Analysis
To run ntopng once to analyze a packet capture file, use the following command. This command uses the docker run option --rm to remove dangling containers after the analysis is completed. It uses the --community option to use the ntopng community addition and the --no-promisc mode to disable sniffing on interfaces.
docker run --rm -p 3000:3000 -v /Path/To/PCAPs/:/PCAPs ntop/ntopng:stable --community --no-promisc -i /PCAPs/analysis.pcap
