Docker Networks

Overview

Evidence: Docker Networks Description: Collect Docker Networks. Platform: Cross-platform Short Name: docknetworks Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Docker networks define how containers communicate with each other and external systems. Network configuration reveals bridge networks, overlay networks, host networking modes, and IP address allocations critical for understanding container connectivity and isolation.

Data Collected

This collector gathers information about docker networks.

Collection Method

This collector queries the Docker daemon via Docker Engine API to enumerate all Docker networks. It extracts network ID, name, driver type, scope, subnet configuration, gateway, connected containers, and network options.

Usage

Network data identifies containers exposed to the host network (potential privilege escalation), custom networks used for lateral movement, or misconfigured network isolation. Analyzing network attachments helps map container communication paths and detect unauthorized network access or data exfiltration channels.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.