You can use the nsenter command to run a command on your host inside the network namespace of the Docker container. Just get the PID of your Docker container:
docker inspect -f '{{.State.Pid}}' container_name_or_id
For example, on my system:
$ docker inspect -f '{{.State.Pid}}' c70b53d98466
15652
And once you have the PID, use that as the argument to the target (-t) option of nsenter. For example, to run netstat inside the container network namespace:
$ sudo nsenter -t 15652 -n netstat
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
Notice that this worked even though the container does not have netstat installed:
$ docker exec -it c70b53d98466 netstat
rpc error: code = 13 desc = invalid header field value "oci runtime error: exec failed: container_linux.go:247: starting container process caused \"exec: \\\"netstat\\\": executable file not found in $PATH\"\n"
(nsenter is part of the util-linux package)