7.3 Network Troubleshooting

Network troubleshooting in a Docker context involves systematically narrowing down where a connectivity problem actually lies — within the container, at the network level, at the port publishing layer, or at the host's own networking — using a methodical sequence of checks rather than guessing.

Starting With the Container's Own Perspective

Confirming the application inside the container is actually listening on the expected port is a useful first step, ruling out the most basic possible cause before investigating anything more complex.

docker exec myapp ss -tlnp

Checking Network Attachment and Configuration

Confirming the container is attached to the expected network, and has the expected IP configuration, rules out a misconfiguration at this layer.

docker inspect myapp --format '{{json .NetworkSettings.Networks}}'

Testing Container-to-Container Connectivity Directly

For multi-container communication issues, testing connectivity directly between the two containers in question isolates whether the problem is specifically about their network relationship.

docker exec container-a ping container-b
docker exec container-a curl http://container-b:8080

Checking Port Publishing Configuration

For issues reaching a container from the host or externally, confirming the actual port mapping in effect rules out a publishing misconfiguration.

docker port myapp

Checking Host-Level Firewall Rules

When container-level configuration all appears correct, host-level firewall rules are a common remaining suspect for connectivity that still isn't working as expected.

sudo iptables -L -n

Why a Systematic Approach to Network Troubleshooting Matters

Working through these layers methodically — application, container network config, container-to-container connectivity, port publishing, host firewall — rather than guessing at a cause, leads to identifying the actual source of a networking problem far more reliably and efficiently than ad hoc investigation.