- Packetbeat Reference: other versions:
- Overview
- Getting Started With Packetbeat
- Running Packetbeat on Docker
- Upgrading Packetbeat
- Configuring Packetbeat
- Configuration Options (Reference)
- Processors
- Setting Traffic Capturing Options
- Filtering and Enhancing the Exported Data
- Configuring Packetbeat to Use Ingest Node
- Exporting GeoIP Information
- Configuring Packetbeat to Use Logstash
- Configuring Flows to Monitor Network Traffic
- Using Environment Variables in the Configuration
- Configuring Thrift-RPC Support
- Maintaining the Real-Time State of the Network Topology
- YAML Tips and Gotchas
- Exported Fields
- AMQP Fields
- Beat Fields
- Cassandra Fields
- Cloud Provider Metadata Fields
- Common Fields
- DNS Fields
- Flow Event Fields
- HTTP Fields
- ICMP Fields
- Memcache Fields
- MongoDb Fields
- MySQL Fields
- NFS Fields
- PostgreSQL Fields
- Raw Fields
- Redis Fields
- Thrift-RPC Fields
- Transaction Event Fields
- Measurements (Transactions) Fields
- Securing Packetbeat
- Visualizing Packetbeat Data in Kibana
- Troubleshooting
- Developer Guide: Adding a New Protocol
WARNING: Version 5.4 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Capturing Traffic from the Host System
editCapturing Traffic from the Host System
editBy default, Docker networking will connect the Packetbeat container to an
isolated virtual network, with a limited view of network traffic. You may wish
to connect the container directly to the host network in order to see traffic
destined for, and originating from, the host system. With docker run, this can
be achieved by specifying --network=host.
docker run --cap-add=NET_ADMIN --network=host docker.elastic.co/beats/packetbeat:5.4.3
On Windows and MacOS, specifying --network=host will bind the
container’s network interface to the virtual interface of Docker’s embedded
Linux virtual machine, not to the physical interface of the host system.