Stratoshark Introduces Wireshark-Like Analysis for Cloud System Calls

Priyadharshini S January 23, 2025 05:00 PM Technology

Why Stratoshark is Essential for Cloud Operations

Today, there are numerous ways to gain visibility into cloud environments. Amazon offers tools like CloudTrail and CloudWatch for cloud logs and metrics, while the Cloud Native Computing Foundation (CNCF) provides projects such as Prometheus for high-level metrics.

Figure 1. Stratoshark Unveils Wireshark-Inspired Cloud System Call Analysis

Loris Degioanni, Sysdig founder and CTO and co-creator of both Wireshark and Stratoshark, emphasized that solving complex issues often requires deeper system insight than logs and metrics provide. Stratoshark addresses this need by delivering detailed system-level data, which is vital for both security analysis and performance troubleshooting. Figure 1 shows Stratoshark's Wireshark-inspired analysis of cloud system calls.

Stratoshark's Deep Dive into Cloud System Troubleshooting

Loris Degioanni drew a parallel to illustrate the value of Stratoshark: “It’s a bit like the difference between viewing high-level network statistics with a tool like NetFlow and analyzing individual packets with Wireshark.” He emphasized that both perspectives are crucial. While high-level network statistics offer insights into utilization, visibility, and bandwidth consumption, troubleshooting often requires going deeper, down to the single packet level.

Degioanni also pointed out the complexity of cloud networking, particularly in Kubernetes environments, which may involve service meshes, ingress controllers, and gateways. Stratoshark is designed to be agnostic to these varying cloud networking methods: it collects its data at the endpoint, from the kernel of each host, rather than relying on the networking layer in between.

A common issue in Kubernetes environments is the CrashLoopBackOff state, which Kubernetes reports when a container keeps exiting shortly after starting. It is difficult to diagnose because the container is gone before an operator can inspect it. Stratoshark helps by capturing the system calls the process made before it exited, such as a failed file open or a non-zero exit status, so the root cause can be pinpointed from the recorded events.

What Powers Stratoshark? eBPF Technology

At its core, Stratoshark leverages the Falco libraries, originally developed by Sysdig, which use eBPF (extended Berkeley Packet Filter) probes to collect system-level data efficiently and safely from the Linux kernel.

This architecture is similar to how Wireshark uses libpcap for network packet capture, offering a familiar model for network professionals. libpcap is the open-source packet capture library that Wireshark and tcpdump rely on; the Falco libraries play the same capture role for system calls, reinforcing Stratoshark's emphasis on precise, low-level system visibility.

Stratoshark and eBPF: Unlocking Deep System-Level Insights

Loris Degioanni elaborated on how Stratoshark uses the eBPF probes in the Falco libraries to attach to tracepoints within the Linux kernel, enabling the collection of data from key kernel events. These events include system calls, inter-process communication, networking, command execution, and user activity. Stratoshark takes this raw system-level data, decodes it, and presents it through an interface that mirrors Wireshark, allowing users to filter, analyze, and troubleshoot the captured events.
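The CrashLoopBackOff scenario above and the event stream described in this section come together in the following added example, which is not Stratoshark or Falco code. It parses a handful of constructed system-call events written in a text format loosely modelled on sysdig's default output (an assumption of this example, not a documented Stratoshark format), flags system calls that returned a negative errno, and correlates them with the non-zero process exit that follows, which is the kind of root-cause query an analyst would run over a capture.

```python
"""Correlate failed system calls with non-zero process exits in a syscall trace.

Example added for this article; it is not Stratoshark or Falco code. The event
format is an assumption loosely modelled on sysdig's default text output:
  <num> <time> <cpu> <proc> (<tid>) <dir> <type> <key=value ...>
where <dir> is '>' for a syscall entry and '<' for its exit.
"""
import re
from collections import defaultdict

EVENT_RE = re.compile(
    r"^(?P<num>\d+) (?P<time>\S+) (?P<cpu>\d+) (?P<proc>\S+) \((?P<tid>\d+)\) "
    r"(?P<dir>[<>]) (?P<type>\S+)(?: (?P<info>.*))?$"
)
# A negative return value rendered as "-2(ENOENT)".
ERRNO_RE = re.compile(r"^-(?P<code>\d+)\((?P<name>[A-Z0-9]+)\)")

# Constructed sample capture: 'app' fails to open its config and exits with
# status 1 (a CrashLoopBackOff candidate); 'sidecar' opens its file fine.
SAMPLE_EVENTS = """\
101 12:00:01.000100 0 app (2001) > execve filename=/usr/bin/app
102 12:00:01.000200 0 app (2001) < execve res=0 exe=/usr/bin/app args=--config=/etc/app/app.yaml
103 12:00:01.000300 0 app (2001) > openat dirfd=-100(AT_FDCWD) name=/etc/app/app.yaml flags=1(O_RDONLY) mode=0
104 12:00:01.000400 0 app (2001) < openat fd=-2(ENOENT) dirfd=-100(AT_FDCWD) name=/etc/app/app.yaml flags=1(O_RDONLY) mode=0
105 12:00:01.000500 0 app (2001) > write fd=2(<f>/dev/pts/0) size=38
106 12:00:01.000600 0 app (2001) < write res=38 data=cannot open /etc/app/app.yaml: ENOENT
107 12:00:01.000700 0 app (2001) > procexit status=1 ret=1 sig=0 core=0
108 12:00:01.100000 1 sidecar (2002) > openat dirfd=-100(AT_FDCWD) name=/etc/sidecar.conf flags=1(O_RDONLY) mode=0
109 12:00:01.100100 1 sidecar (2002) < openat fd=3(<f>/etc/sidecar.conf) dirfd=-100(AT_FDCWD) name=/etc/sidecar.conf flags=1(O_RDONLY) mode=0
"""


def parse_args(info):
    """Split 'k=v k=v data=free text' into a dict; 'data=' swallows the rest."""
    parts = re.split(r"(?:^| )data=", info, maxsplit=1)
    args = {}
    for token in parts[0].split():
        key, _, value = token.partition("=")
        args[key] = value
    if len(parts) == 2:
        args["data"] = parts[1]
    return args


def parse_event(line):
    """Parse one event line into a dict with typed num/cpu/tid and parsed args."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["num"], ev["cpu"], ev["tid"] = int(ev["num"]), int(ev["cpu"]), int(ev["tid"])
    ev["args"] = parse_args(ev["info"] or "")
    return ev


def parse_events(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def syscall_failure(ev):
    """Return (errno_name, path_or_None) if ev is a syscall exit with a negative result."""
    if ev["dir"] != "<":
        return None
    for key in ("fd", "res"):
        value = ev["args"].get(key)
        if value is None:
            continue
        m = ERRNO_RE.match(value)
        if m:
            return m.group("name"), ev["args"].get("name")
    return None


def diagnose_exits(events):
    """Map tid -> non-zero process exit plus the failed syscalls that preceded it."""
    pending = defaultdict(list)
    report = {}
    for ev in events:
        tid = ev["tid"]
        failure = syscall_failure(ev)
        if failure:
            pending[tid].append({"num": ev["num"], "syscall": ev["type"],
                                 "errno": failure[0], "path": failure[1]})
        elif ev["type"] == "procexit":
            status = int(ev["args"].get("status", "0"))
            if status != 0:
                report[tid] = {"proc": ev["proc"], "status": status,
                               "failures": pending.pop(tid, [])}
    return report


if __name__ == "__main__":
    for tid, entry in diagnose_exits(parse_events(SAMPLE_EVENTS)).items():
        print(f"{entry['proc']} (tid {tid}) exited with status {entry['status']}")
        for f in entry["failures"]:
            print(f"  event {f['num']}: {f['syscall']} -> {f['errno']} on {f['path']}")
```

The same correlation is what a display filter in a Wireshark-style interface expresses interactively; here it is done in code so the logic is explicit. Only syscall exits are inspected for errors, because the entry event of a call carries no return value yet.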

Open-Source Community and Future Development

In line with Wireshark’s successful open-source approach, Stratoshark is being released under the same open-source license as the Wireshark codebase.

Gerald Combs, the creator of Wireshark, emphasized, "It's part of the Wireshark codebase, which means it's definitely open source and will always remain that way." He also noted that his years working on Wireshark had allowed him to collaborate with numerous talented developers, a testament to the power and impact of its open-source community.

Source: NETWORK WORLD

Cite this article:

Priyadharshini S (2025), "Stratoshark Introduces Wireshark-Like Analysis for Cloud System Calls", AnaTechMaz, p. 120.
