Degioanni famous that cloud networking, particularly in Kubernetes environments, could be very complicated with numerous approaches like service mesh, ingress, and gateways. Stratoshark is designed to be agnostic to the particular cloud networking strategy, specializing in accumulating information on the endpoint degree quite than counting on the networking layer.
One specific concern that Combs stated is widespread in Kubernetes is the CrashLoopBackOff concern that may be tough to diagnose and resolve. Combs stated that Stratoshark supplies the power to seize and analyze system-level information to assist determine the foundation causes of such points.
What’s inside Stratoshark? eBPF
At its core, Stratoshark makes use of Falco libraries developed by Sysdig. These Falco libraries are primarily based on eBPF (Enhanced Berkeley Packet Filter) know-how to gather system-level information effectively and safely from the Linux kernel.
This strategy mirrors how Wireshark makes use of libpcap for community packet seize, creating a well-known architectural sample for networking professionals. The libpcap library is an open-source device for community visitors seize.
Degioanni defined that the eBPF libraries connect with hint factors within the Linux kernel to entry and accumulate information from numerous kernel-level occasions, resembling system calls, inter-process communication, networking, command execution and consumer exercise. Stratoshark takes the uncooked system-level information collected by the eBPF libraries and decodes it, offering a consumer interface much like Wireshark for analyzing and troubleshooting the captured occasions.
Open-source group and future growth
Following Wireshark’s profitable open-source mannequin, Stratoshark is being launched underneath the identical open-source license as the Wireshark codebase.