Show HN: Stratoshark, a sibling application to Wireshark (stratoshark.org)
Hi all, I'm excited to announce Stratoshark, a sibling application to Wireshark that lets you capture and analyze process activity (system calls) and log messages in the same way that Wireshark lets you capture and analyze network packets. If you would like to try it out you can download installers for Windows and macOS and source code for all platforms at https://stratoshark.org.
AMA: I'm the goofball whose name is at the top of the "About" box in both applications, and I'll be happy to answer any questions you might have.
52 comments
[ 2.9 ms ] story [ 101 ms ] threadI found its man page in the repo which I found insightful https://gitlab.com/wireshark/wireshark/-/blob/ssv0.9.0/doc/m...
and don't overlook this neato thing: https://gitlab.com/wireshark/wireshark/-/blob/ssv0.9.0/doc/m...
Looks really awesome! I didn't see Linux installation instructions so clicked on the link to the source code, but it links to the Wireshark source[1]. Is Stratoshark part of the same repo as Wireshark? Is Linux supported by Stratoshark?
[1]: https://gitlab.com/wireshark/wireshark
Can one use it to set up some rule to suppress some of the syscalls sent to a specific process? Or alter them by some logic on the go?
tl;dr version: system calls, but in the wireshark ui. (I've probably oversimplified that!)
Why do you focus on "what happens in your cloud" when we talk about system calls? It'd seem it's useful for any machine, is it just bad marketing copy or am I missing something?
Update: Changed the first sentence to "Stratoshark lets you explore and analyze applications at the system call level using a mature, proven interface based on Wireshark.
https://wiki.wireshark.org/Stratoshark is a good link for those who can't reach the stratoshark URL directly. The OP link may get recategorized and become accessible in the meantime.
https://urlfiltering.paloaltonetworks.com/
Update: We're now Low-Risk / Computer-and-Internet-Info.
Did I get the analogy right?
It'd be interesting to see if we can integrate more fully with strace as well, but that might require updating strace itself.
[1]https://github.com/draios/sysdig
[1] https://github.com/falcosecurity/plugins?tab=readme-ov-file#...
[1]https://github.com/falcosecurity/libs
Once you add capture on macOS with something like dtrace, could you concievably capture a system call inside Docker on macOS and watch it trickle down through the linux hypervisor and then to the host darwin kernel and back?
How does it conceptually track the handoff of system calls between hypervisors/VMs/containers/etc?
I currently struggle debugging opaque containers and VMs that run lots of concurrent async jobs, having some kind of tool to trace and group syscalls through the stack would be amazing.
https://developer.apple.com/documentation/endpointsecurity
The tool looks really cool, hopefully it moves ui state of art beyond windows xperf
[1]https://github.com/falcosecurity/libs/
[1]https://gitlab.com/wireshark/wireshark/-/issues/20317
You have the rare distinction of developing a tool that will probably outlive us all. So, thanks!
https://www.youtube.com/watch?v=VjsmfuIqo8Q