I am using the command below to monitor a single container. How can I extend this so that I can save the tcp dump for later analysis using Wireshark?
docker run -it --rm --net container:<container_name> \
nicolaka/netshoot tcpdump ...
tcpdump has an option to send raw captured packets to stdout; send that to a file on the host:
docker run -i --rm --net container:<container_name> nicolaka/netshoot tcpdump -w - > packets.dump
or to Wireshark directly:
docker run -i --rm --net container:<container_name> nicolaka/netshoot tcpdump -i any -w - | wireshark -k -i -
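A small wrapper around the capture-to-file approach in the answer above, added here as an example (it is not part of the original answer): it captures a fixed number of packets without a TTY and checks that the saved file starts with a pcap or pcapng magic number before it is opened in Wireshark. The function names, the default packet count and the use of `-c` and `-U` are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: function names and defaults here are hypothetical.

# Identify a capture file by its first four bytes (magic number).
# Prints pcap, pcap-ns or pcapng; returns 1 for anything else.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;      # microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;
        *) echo "not a capture file (magic: ${magic:-empty})" >&2
           return 1 ;;
    esac
}

# Capture packets in a container's network namespace to a file on the host.
#   $1 = container name, $2 = output file, $3 = packet count (default 100)
# No -t: a pseudo-terminal merges stderr into stdout and rewrites LF as CRLF,
# both of which corrupt binary output written with "-w -".
capture_to_file() {
    container=$1
    out=$2
    count=${3:-100}
    docker run -i --rm --net "container:$container" \
        nicolaka/netshoot tcpdump -i any -c "$count" -U -w - > "$out"
    # Confirm the result is something Wireshark can open.
    pcap_kind "$out"
}
```

For example, `capture_to_file <container_name> packets.dump 500` writes 500 packets and prints `pcap` when the file header is intact.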