How to TCPdump effectively in Docker

NEW: Hands-on labs available https://cloudyuga.guru/hands_on_lab/tcpdump_docker.

Containers can use the network stack in a few different ways. It all depends on how they connect to the network. A couple of options are:

• docker bridge
• host (ex. $docker run --rm -it --net=host ...)
• container networks (ex. $docker run --rm -it --net=container:id ...)
• overlay

Building a container and run good old stuff like TCPdump or ngrep would not yield much…