Docker Networks
Overview
Section titled “Overview”Evidence: Docker Networks
Description: Collect Docker Networks
Category: Applications
Platform: windows
Short Name: docknetworks
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Docker networks define how containers communicate with each other and external systems. Network configuration reveals bridge networks, overlay networks, host networking modes, and IP address allocations critical for understanding container connectivity and isolation.
Data Collected
Section titled “Data Collected”This collector gathers structured data about docker networks.
Collection Method
Section titled “Collection Method”This collector queries the Docker daemon via Docker Engine API to enumerate all Docker networks. It extracts network ID, name, driver type, scope, subnet configuration, gateway, connected containers, and network options.
Forensic Value
Section titled “Forensic Value”Network data identifies containers exposed to the host network (potential privilege escalation), custom networks used for lateral movement, or misconfigured network isolation. Analyzing network attachments helps map container communication paths and detect unauthorized network access or data exfiltration channels.