321 points geraldcombs | 5 comments

Hi all, I'm excited to announce Stratoshark, a sibling application to Wireshark that lets you capture and analyze process activity (system calls) and log messages in the same way that Wireshark lets you capture and analyze network packets. If you would like to try it out you can download installers for Windows and macOS and source code for all platforms at https://stratoshark.org.

AMA: I'm the goofball whose name is at the top of the "About" box in both applications, and I'll be happy to answer any questions you might have.

pimlottc No.42795918
The first section on the homepage doesn’t give me a good sense of what the application does. The references to Wireshark suggest it has something to do with network traffic but that doesn’t seem to be the case. It also talks about cloud but nothing seems to be cloud-specific?
replies(2): >>42795959, >>42796072
gertrunde No.42795959
The blog article is a bit more descriptive: https://sysdig.com/blog/stratoshark-extending-wiresharks-leg...

tl;dr version: system calls, but in the Wireshark UI. (I've probably oversimplified that!)

replies(1): >>42796125
vasco No.42796125
Thanks for your work! Been using Wireshark for many years after it was used for a network course in university.

Why do you focus on "what happens in your cloud" when we talk about system calls? It'd seem it's useful for any machine, is it just bad marketing copy or am I missing something?

replies(1): >>42796343
geraldcombs No.42796343
You're welcome! It was initially developed as part of my day job at Sysdig, a cloud security company. The initial feature set and use cases focus on getting .scaps (system call and log captures) from cloud environments, but you're entirely correct -- this has much more general applications including troubleshooting and education just like Wireshark does on the networking side.
replies(2): >>42796431, >>42796728
vasco No.42796431
Thanks for confirming and thanks again for the amazing work.
kristopolous No.42796728
Hey Gerald, it's Chris from the CACE days. Nice to hear from you. I see this is part of Wireshark proper; I'll look into getting this into Debian.
replies(1): >>42809052
geraldcombs No.42809052
Thanks! It's great to hear from you!