Public Repository

Last pushed: 5 months ago
Short Description
Alpine Linux v3.7 with tcpdump v4.9.2 installed at /usr/sbin/tcpdump. 4MB.
Full Description

A handy basic image comprising of;

For previous tag 1;

  • Alpine Linux v3.4
  • tcpdump v4.7.4


I'd expect you use this image as a simple packet capture tool. It can be used to display packets to STDOUT or you can mount a volume and write to file.

If you'd like more information on using tcpdump, see my articles here;


Use this command to pull the image manually before runtime:

sudo docker pull itsthenetwork/alpine-tcpdump:latest


This command will start the container interactively, using host networking mode (necessary if you want to capture data to or from the host) and display ICMP traffic seen on any host interface. The container will be automatically removed when you stop the capture using [Ctrl]+C.

sudo docker run -it --privileged --net=host --name=tcpdump --rm itsthenetwork/alpine-tcpdump -i any -vvnn icmp

If you want to write to a file instead, this will work (mounting the host's /var/tmp/ directory to /capture/ within the container):

sudo docker run -it --privileged=true --net=host --name=tcpdump -v /var/tmp:/capture --rm itsthenetwork/alpine-tcpdump -i any -vvnn -w /capture/file_name.pcap icmp

If you expect to use this image often, perhaps use an alias at the CLI or in your ~/.bashrc file:

alias tcpdump="sudo docker run -it --privileged=true --net=host --name=tcpdump --rm itsthenetwork/alpine-tcpdump"


Whilst this would run in the default bridged networking mode, it would be rather pointless as it's unlikely any packets would ever arrive at the container. Thus, host most networking is recommended.

Additional Packages

If you wanted to install additional packages and build your own image based upon this one you'd start your Dockerfile like this:

FROM itsthenetwork/alpine-tcpdump:latest

RUN apk -add U -v package_name package_name

Docker Pull Command