19.2.6.2 Inspect Network Output
A focused guide to Inspect Network Output, connecting core concepts with practical Docker and container operations.
When you run docker inspect targeting a Docker network, the output is a JSON array describing the network object as managed by the Docker daemon. This includes the network driver configuration, IPAM (IP Address Management) settings, connected containers, and their assigned network addresses.
Running the Command
docker inspect <network_name_or_id>
You can also target a network explicitly using the network subcommand:
docker network inspect <network_name_or_id>
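Both commands produce equivalent output for network objects. Plain docker inspect resolves the name across every object type, so add --type network when the name could also match a container, image, or volume.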
Top-Level Output Structure
The output is a JSON array with one element per inspected network:
[
  {
    "Name": "my_app_network",
    "Id": "d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2",
    "Created": "2024-03-15T09:10:00.000000000Z",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {},
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": { "Network": "" },
    "ConfigOnly": false,
    "Containers": {},
    "Options": {},
    "Labels": {}
  }
]
IPAM Section
The IPAM (IP Address Management) section defines the IP addressing scheme for the network:
"IPAM": {
  "Driver": "default",
  "Options": null,
  "Config": [
    {
      "Subnet": "172.20.0.0/16",
      "Gateway": "172.20.0.1"
    }
  ]
}
- Driver: The IPAM driver used. default is the built-in Docker IPAM driver.
- Config: An array of IPAM configuration blocks, each describing a subnet and its gateway.
- Subnet: The CIDR range allocated to this network.
- Gateway: The IP address of the default gateway for containers on this network.
When creating a network with a custom subnet:
docker network create --subnet 192.168.100.0/24 --gateway 192.168.100.1 my_custom_network
The inspect output will reflect those values in the IPAM.Config array.
Containers Section
The Containers section lists every container currently connected to the network, keyed by the container's full ID:
"Containers": {
  "a1b2c3d4e5f6...": {
    "Name": "web_server",
    "EndpointID": "e7f8a9b0c1d2...",
    "MacAddress": "02:42:ac:14:00:02",
    "IPv4Address": "172.20.0.2/16",
    "IPv6Address": ""
  },
  "b2c3d4e5f6a1...": {
    "Name": "db_server",
    "EndpointID": "f8a9b0c1d2e3...",
    "MacAddress": "02:42:ac:14:00:03",
    "IPv4Address": "172.20.0.3/16",
    "IPv6Address": ""
  }
}
- Name: The container name as assigned at creation.
- EndpointID: The unique identifier for the container's connection endpoint on this network.
- MacAddress: The MAC address assigned to the container's virtual network interface on this network.
- IPv4Address: The IP address with prefix length assigned to the container on this network.
- IPv6Address: The IPv6 address if IPv6 is enabled; otherwise empty.
Driver and Scope Fields
"Driver": "bridge",
"Scope": "local"
- Driver: Determines the network behavior. Common values:
  - bridge: Default for single-host container-to-container communication.
  - host: Containers share the host network stack directly.
  - overlay: Spans multiple Docker hosts, used with Docker Swarm.
  - macvlan: Assigns a MAC address to the container, making it appear as a physical device on the network.
  - none: No networking.
- Scope: Either local (single host) or swarm (multi-host cluster).
Internal and Attachable Fields
"Internal": false,
"Attachable": false
- Internal: When true, the network has no external connectivity: containers can communicate with each other but cannot reach outside the network.
- Attachable: When true, standalone containers (not part of a service) can attach to this network, which is relevant for overlay networks in Swarm mode.
Options Section
The Options section carries driver-specific configuration:
"Options": {
  "com.docker.network.bridge.default_bridge": "true",
  "com.docker.network.bridge.enable_icc": "true",
  "com.docker.network.bridge.enable_ip_masquerade": "true",
  "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
  "com.docker.network.bridge.name": "docker0",
  "com.docker.network.driver.mtu": "1500"
}
For bridge networks, these options control inter-container communication (enable_icc), IP masquerading for outbound traffic (enable_ip_masquerade), the default host address that published container ports bind to (host_binding_ipv4, where 0.0.0.0 means all host interfaces), the name of the bridge interface on the host, and the MTU of the network interface.
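As an added example (not part of the original page), the script below reads inspect output and reports the Driver, Internal and Options settings described above that widen a network's exposure. The sample JSON is constructed, audit_network and audit are hypothetical helper names, and an option missing from Options is assumed to take Docker's default value.

```python
import json

# Constructed sample of `docker network inspect` output (not from a real host).
SAMPLE = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "Internal": false,
   "Options": {"com.docker.network.bridge.enable_icc": "true",
               "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
  {"Name": "db_net", "Driver": "bridge", "Internal": true,
   "Options": {"com.docker.network.bridge.enable_icc": "false"}},
  {"Name": "host", "Driver": "host", "Internal": false, "Options": {}}
]
""")

PREFIX = "com.docker.network.bridge."

def audit_network(net):
    """Return a list of finding strings for one inspected network object."""
    findings = []
    driver = net.get("Driver")
    opts = net.get("Options") or {}  # Options can be null or an empty object
    if driver == "host":
        findings.append("host driver: containers share the host network stack")
    if driver == "bridge":
        # Assumption: an absent option is treated as its Docker default
        # (enable_icc "true", host_binding_ipv4 "0.0.0.0").
        if opts.get(PREFIX + "enable_icc", "true").lower() == "true":
            findings.append("enable_icc=true: no filtering between containers on this bridge")
        # Port publishing only matters on networks with external connectivity.
        if not net.get("Internal", False):
            if opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
                findings.append("host_binding_ipv4=0.0.0.0: published ports bind on all host interfaces")
    return findings

def audit(networks):
    """Map network name -> findings for every element of the inspect array."""
    return {n["Name"]: audit_network(n) for n in networks}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings or ["no findings"]:
            print(f"{name}: {finding}")
```

To run it against a live daemon, replace SAMPLE with the parsed output of docker network inspect for the networks of interest.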
Labels Section
"Labels": {
  "com.example.environment": "production",
  "com.example.team": "backend"
}
Labels are user-defined key-value pairs applied to the network at creation time, useful for organization and filtering.
Inspecting Multiple Networks
You can inspect multiple networks in a single command. The output is a JSON array with one element per network:
docker network inspect bridge host my_custom_network
Practical Use Cases
Finding the subnet of a custom network:
docker network inspect --format "{{range .IPAM.Config}}{{.Subnet}}{{end}}" my_app_network
Listing all containers attached to a network:
docker network inspect --format "{{range .Containers}}{{.Name}} {{.IPv4Address}}{{println}}{{end}}" my_app_network
Checking the network driver:
docker network inspect --format "{{.Driver}}" my_app_network
Verifying whether a specific container is on a network:
docker network inspect my_app_network | grep "web_server"
Checking the gateway for a network:
docker network inspect --format "{{range .IPAM.Config}}{{.Gateway}}{{end}}" my_app_network
Default Networks
Docker creates three networks by default when installed. Inspecting them reveals their standard configurations:
docker network inspect bridge
docker network inspect host
docker network inspect none
The default bridge network uses the docker0 interface on the host and assigns containers IPs in the 172.17.0.0/16 subnet. The host network has no IPAM config since it shares the host stack directly. The none network has no connectivity and no IPAM configuration.
The network inspection output is essential for diagnosing connectivity issues between containers, verifying subnet assignments, checking which containers share a network, and auditing network configurations in both development and production environments.
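As an added example (not part of the original page) of the diagnosis and auditing uses listed above, the script below takes the array returned when several networks are inspected together, finds IPAM subnets that overlap address ranges already routed elsewhere, and lists containers attached to both an Internal network and an externally connected one. The sample JSON and the reserved range are constructed, and subnet_conflicts and straddling_containers are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample: the array returned when two networks are inspected at once.
SAMPLE = json.loads("""
[
  {"Name": "frontend", "Internal": false,
   "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]},
   "Containers": {"a1b2": {"Name": "web_server", "IPv4Address": "172.20.0.2/16"},
                  "b2c3": {"Name": "proxy", "IPv4Address": "172.20.0.3/16"}}},
  {"Name": "backend", "Internal": true,
   "IPAM": {"Config": [{"Subnet": "192.168.100.0/24", "Gateway": "192.168.100.1"}]},
   "Containers": {"a1b2": {"Name": "web_server", "IPv4Address": "192.168.100.2/24"},
                  "c3d4": {"Name": "db_server", "IPv4Address": "192.168.100.3/24"}}}
]
""")

def subnet_conflicts(networks, reserved):
    """Return (network, subnet, reserved CIDR) for each Docker subnet that
    overlaps a range the operator says is in use elsewhere (LAN, VPN)."""
    reserved = [ipaddress.ip_network(r) for r in reserved]
    hits = []
    for net in networks:
        # host and none networks carry no IPAM config; treat null as empty.
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if not cfg.get("Subnet"):
                continue
            sub = ipaddress.ip_network(cfg["Subnet"])
            hits += [(net["Name"], str(sub), str(r)) for r in reserved
                     if r.version == sub.version and sub.overlaps(r)]
    return hits

def straddling_containers(networks):
    """Names of containers attached to both an Internal network and a
    non-internal one, which makes them a path between the two segments."""
    seen = {}  # container ID -> (name, set of Internal flags seen)
    for net in networks:
        for cid, c in (net.get("Containers") or {}).items():
            seen.setdefault(cid, (c["Name"], set()))[1].add(bool(net.get("Internal")))
    return sorted(name for name, flags in seen.values() if flags == {True, False})

if __name__ == "__main__":
    print(subnet_conflicts(SAMPLE, ["192.168.0.0/16"]))
    print(straddling_containers(SAMPLE))
```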