Host Networking Driver

If a container is configured with the Docker host networking driver (--network=host), its network stack is not isolated from the Docker host: the container shares the host's network namespace and does not get its own IP address. In other words, the container binds all of its services directly to the host's IP. Furthermore, the container can intercept all network traffic that the host sends and receives on the shared interface (tcpdump -i eth0).

For instance, you can use this to sniff and even spoof traffic between the host and the metadata instance.
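
An audit check for the exposure described above, as an added example that is not part of the original page: it reads docker inspect JSON and flags containers that use host networking, noting whether each still holds CAP_NET_RAW (which tcpdump-style capture needs). The sample data, container names and function names are constructed for illustration, and the capability resolution is an assumption about how Docker handles --cap-add and --cap-drop.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/metrics-agent",
   "HostConfig": {"NetworkMode": "host", "Privileged": false,
                  "CapAdd": null, "CapDrop": null}},
  {"Name": "/edge-proxy",
   "HostConfig": {"NetworkMode": "host", "Privileged": false,
                  "CapAdd": null, "CapDrop": ["ALL"]}},
  {"Name": "/web",
   "HostConfig": {"NetworkMode": "bridge", "Privileged": false,
                  "CapAdd": null, "CapDrop": null}}
]
""")


def norm_caps(values):
    """Normalise names so 'CAP_NET_RAW' and 'net_raw' both become 'NET_RAW'."""
    names = {v.upper() for v in (values or [])}
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def has_net_raw(host_config):
    """True if the container keeps CAP_NET_RAW, which raw packet capture needs."""
    if host_config.get("Privileged"):
        return True  # privileged containers hold every capability
    added = norm_caps(host_config.get("CapAdd"))
    dropped = norm_caps(host_config.get("CapDrop"))
    # Assumption: mirrors how Docker resolves --cap-add / --cap-drop.
    if "ALL" in added:
        return "NET_RAW" not in dropped
    if "ALL" in dropped:
        return "NET_RAW" in added
    # NET_RAW is in Docker's default set unless explicitly dropped.
    return "NET_RAW" in added or "NET_RAW" not in dropped


def audit_host_network(containers):
    """One finding per container that shares the host network namespace."""
    findings = []
    for c in containers:
        hc = c.get("HostConfig") or {}
        if hc.get("NetworkMode") == "host":
            findings.append({"name": c.get("Name", "").lstrip("/"),
                             "can_capture_host_traffic": has_net_raw(hc)})
    return findings


if __name__ == "__main__":
    for finding in audit_host_network(SAMPLE_INSPECT):
        print(finding)
```

On a real host, the input would be the parsed output of docker inspect for the running container IDs.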
