Docker in Flowmon

August 23, 2018 Flowmon, Infrastructure Management

Read this post to see how you can use the recently added Docker support to install custom packages and applications in the Flowmon solution.

Docker comes as a new feature of the Flowmon product in version 9.02.01 (now available in beta) to cover customers' need to install packages or custom applications. From Wikipedia: Docker is a computer program that performs operating-system-level virtualization, also known as "containerization". It was first released in 2013 and is developed by Docker, Inc. Docker is used to run software packages called "containers". Virtualized containers can easily be obtained from Docker Hub and installed. There is no need to modify the Flowmon operating system.

Welcome to the world of virtual containers; let me introduce a new technology in Flowmon.

Run the Docker

Log in to the Flowmon SSH console as the flowmon user

[flowmon@internal ~]$ sudo systemctl start docker

Choose a package on Docker Hub for installation, for example the Praqma network multitool container.

praqma/network-multitool

Find the “Docker Pull Command” section on the web page

Use the command to install the package

[flowmon@internal ~]$ sudo docker pull praqma/network-multitool

Using default tag: latest

Trying to pull repository docker.io/praqma/network-multitool ...

latest: Pulling from docker.io/praqma/network-multitool

8e3ba11ec2a2: Pull complete 
48771b60d009: Pull complete
2fa4c10dbbfc: Pull complete
36667062db98: Pull complete
aebcae8c651a: Pull complete
2c3952222b73: Pull complete
6be6339f2789: Pull complete
Digest: sha256:f8716c5b96d1b939279fd9ec885c2a0a591b3f8b6a239c00a2113c4cd6caf52f

Status: Downloaded newer image for docker.io/praqma/network-multitool:latest

Check if the package is installed

[flowmon@internal ~]$ sudo docker ps

CONTAINER ID   IMAGE                      COMMAND                  CREATED          STATUS          PORTS                                           NAMES
85a19fba5912   praqma/network-multitool   "/docker-entrypoin..."   18 seconds ago   Up 17 seconds   0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   cocky_jang

Run the bash and test tools

[flowmon@internal ~]$ sudo docker run --rm -it praqma/network-multitool bash 
bash-4.4# nslookup yahoo.com
Server: 192.168.3.254
Address: 192.168.3.254#53

Non-authoritative answer:

   yahoo.com
Address: 98.137.246.8
…

Use the parameter --restart unless-stopped if you want to install it permanently.

There are many other tools included; test them all and write a comment saying which one is best for you.
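The pull above used the default tag latest, which the publisher can repoint at any time, while the Digest line identifies the exact content that was fetched. The following added example (not part of the original post) turns that pull output into a digest-pinned reference and refuses to pull anything that is not pinned; the function names pinned_ref and pull_pinned are hypothetical helpers, and the sample input is the transcript above trimmed to the lines the parser uses.

```shell
#!/bin/sh
# Added example (not from the original post): pin an image to the digest that
# `docker pull` reported instead of trusting the mutable "latest" tag.

# Read `docker pull` output on stdin and print "<repository>@sha256:<digest>".
# Exits 1 if no well-formed digest or no Status line is present.
pinned_ref() {
    awk '
        $1 == "Digest:" && $2 ~ "^sha256:[0-9a-f]+$" && length($2) == 71 { digest = $2 }
        $1 == "Status:" { ref = $NF }
        END {
            if (digest == "" || ref == "") exit 1
            sub(":[^:/]*$", "", ref)      # strip the tag, keep registry/repository
            print ref "@" digest
        }'
}

# Pull by the digest recorded when the image was reviewed; Docker then checks
# that the downloaded content matches it. $1 is the pinned reference.
pull_pinned() {
    case "$1" in
        *@sha256:*) docker pull "$1" ;;
        *) echo "refusing unpinned reference: $1" >&2; return 1 ;;
    esac
}

# Constructed input: the pull transcript shown above, trimmed.
SAMPLE_PULL='Using default tag: latest
latest: Pulling from docker.io/praqma/network-multitool
Digest: sha256:f8716c5b96d1b939279fd9ec885c2a0a591b3f8b6a239c00a2113c4cd6caf52f
Status: Downloaded newer image for docker.io/praqma/network-multitool:latest'

REF=$(printf '%s\n' "$SAMPLE_PULL" | pinned_ref)
echo "$REF"
```

On the appliance, record the printed reference once and use it for later pulls and runs, for example sudo docker run --rm -it "$REF" bash.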

Let's also try another package: there is a pretty good network tool called NMAP for network discovery and security auditing. Wanna use it on Flowmon? No problem.

uzyexe/nmap

Install NMAP in Docker

[flowmon@internal ~]$ sudo docker pull uzyexe/nmap

Using default tag: latest

Trying to pull repository docker.io/uzyexe/nmap ...

latest: Pulling from docker.io/uzyexe/nmap
a3ed95caeb02: Pull complete
77c6c00e8b61: Pull complete
3aaade50789a: Pull complete
00cf8b9f3d2a: Pull complete
7ff999a2256f: Pull complete
d2ba336f2e44: Pull complete
dfda3e01f2b6: Pull complete
a49f12444284: Pull complete
b12991d094a3: Pull complete

Digest: sha256:97fec7626949e70385c1bb451626967f9109e90fbe0e69947e18623b87c1c517

Status: Downloaded newer image for docker.io/uzyexe/nmap:latest

Now you can run an NMAP scan

[flowmon@internal ~]$ sudo docker run --rm uzyexe/nmap 192.168.1.1 -A  
Starting Nmap 7.60 ( https://nmap.org ) at 2018-08-13 10:55 GMT
Nmap scan report for 192.168.1.1
Host is up (0.00020s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
80/tcp open http Apache httpd 2.4.6
443/tcp open ssl

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

Aggressive OS guesses: Crestron XPanel control system (89%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (89%), Linux 3.12 - 4.4 (87%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), HP P2000 G3 NAS device (86%), Dahua network video recorder (86%), Linux 2.6.32 - 3.10 (86%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 2 hops

Service Info: Host: demo.flowmon.com

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 0.04 ms 172.17.20.1
2 0.16 ms 192.168.1.1

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 16.14 seconds

Use the parameter --restart unless-stopped if you want to install it permanently.

How to clean up your Docker

It is also important to know

Check your installed images

[flowmon@internal ~]$ sudo docker images 
REPOSITORY                           TAG      IMAGE ID       CREATED        SIZE
docker.io/praqma/network-multitool   latest   306f7439c25a   4 weeks ago    94.2 MB
docker.io/uzyexe/nmap                latest   1d6ced1c4c7f   6 months ago   17.8 MB

Remove repository

[flowmon@internal ~]$ sudo docker rmi docker.io/uzyexe/nmap 
Untagged: docker.io/uzyexe/nmap:latest
Untagged: docker.io/uzyexe/nmap@sha256:97fec7626949e70385c1bb451626967f9109e90fbe0e69947e18623b87c1c517
Deleted: sha256:1d6ced1c4c7f67a22928c02387552c9f81984f1b2c355b64a6e7c85bc60481cb
Deleted: sha256:a8a3953a0984971f3b99c8ef59d9fd09c03b83ab7188a386062cd7c36da59563
Deleted: sha256:9e0c92c4c0792bf9e0cabaef6221b4432e70918f3d4a5cf870c93866755c42c2
Deleted: sha256:c0f69db590f8f532d37c8d5a03d6444b54320c0cbc2a6284e806341d82739882
Deleted: sha256:a3e34ca1013df5e0bfc23498e4b045ad258da4fc844db84030144352dc9f31ff
Deleted: sha256:190fb50343dfb3406eedd4cd0f5228cd2d6ebc95137edcb662f174656af92ec6
Deleted: sha256:195b91bbd480c4c9017ef661d45792fd986f9eb3fbcf39cefe6ffbfda267b1a6
Deleted: sha256:031290f158ed657db8c2e3c2adec11217156c00d1bcda2beb733e32e22f8d940
Deleted: sha256:cc4baf7a7c2de3f8bb5b23c41662d408ce32b305ff0f2900e4fa61ce7a258a3b
Deleted: sha256:f779a6969f3ae5bf6aee02a5b61d400762e1af1f09d0c0c8f8673acb3f588e7a
Deleted: sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
[flowmon@internal ~]$ sudo docker rmi docker.io/praqma/network-multitool
Error response from daemon: conflict: unable to remove repository reference "docker.io/praqma/network-multitool" (must force) - container a22d0924d5c5 is using its referenced image 306f7439c25a
[flowmon@internal ~]$ sudo docker image rm 306f7439c25a
Error response from daemon: conflict: unable to delete 306f7439c25a (must be forced) - image is being used by stopped container 85a19fba5912

In case of trouble, you can force the command with “-f”

[flowmon@internal ~]$ sudo docker rmi docker.io/praqma/network-multitool -f 
Untagged: docker.io/praqma/network-multitool:latest
Untagged: docker.io/praqma/network-multitool@sha256:f8716c5b96d1b939279fd9ec885c2a0a591b3f8b6a239c00a2113c4cd6caf52f
Deleted: sha256:306f7439c25a99c535c4912b3f0843066188f1cd9a37cdb72be72cecb88333bc
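The two conflict errors above come from containers that still reference the image, and forcing the removal deletes the image while leaving those containers behind. The following added example (not part of the original post) removes the image without -f by deleting the stopped containers first and stopping short if one is still running; remove_image_cleanly is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post): remove an image without -f by
# first removing the stopped containers that still reference it.

# $1 = image name or ID. Returns 1 and removes nothing if a container
# created from the image is still running.
remove_image_cleanly() {
    image=$1
    # Without -a, `docker ps` lists running containers only.
    running=$(docker ps -q --filter "ancestor=$image")
    if [ -n "$running" ]; then
        echo "image $image is in use by running container(s): $running" >&2
        return 1
    fi
    # -a adds stopped containers, which are what blocked `docker rmi` above.
    for id in $(docker ps -a -q --filter "ancestor=$image"); do
        docker rm "$id" >/dev/null || return 1
        echo "removed stopped container $id"
    done
    docker rmi "$image"
}

# Run against a real daemon only when an image is given on the command line,
# e.g.: sudo sh cleanup.sh docker.io/praqma/network-multitool
if [ $# -gt 0 ]; then
    remove_image_cleanly "$1"
fi
```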

Stop the Docker in Flowmon

[flowmon@internal ~]$ sudo systemctl stop docker

Do not hesitate to share in the blog comments which packages are usable and valuable for installation in Flowmon Docker.

Tomáš Vlach