←back to thread

Show HN: Subtrace – Wireshark for Docker Containers

(github.com)
364 points adtac | 5 comments | 18 Feb 25 23:29 UTC | HN request time: 0.437s | source

Hey HN, we built Subtrace (https://subtrace.dev) to let you see all incoming and outgoing requests in your backend server—like Wireshark, but for Docker containers. It comes with a Chrome DevTools-like interface. Check out this video: https://www.youtube.com/watch?v=OsGa6ZwVxdA, and see our docs for examples: https://docs.subtrace.dev.

Subtrace lets you see every request with full payload, headers, status code, and latency details. Tools like Sentry and OpenTelemetry often leave out these crucial details, making prod debugging slow and annoying. Most of the time, all I want to see are the headers and JSON payload of real backend requests, but it's impossible to do that in today's tools without excessive logging, which just makes everything slower and more annoying.

Subtrace shows you every backend request flowing through your system. You can use simple filters to search for the requests you care about and inspect their details.

Internally, Subtrace intercepts all network-related Linux syscalls using Seccomp BPF so that it can act as a proxy for all incoming and outgoing TCP connections. It then parses HTTP requests out of the proxied TCP stream and sends them to the browser over WebSocket. The Chrome DevTools Network tab is already ubiquitous for viewing HTTP requests in the frontend, so we repurposed it to work in the browser like any other app (we were surprised that it's just a bunch of TypeScript).

Setup is just one command for any Linux program written in any language.

You can use Subtrace by adding a `subtrace run` prefix to your backend server startup command. No signup required. Try for yourself: https://docs.subtrace.dev

1. gerwim ◴[20 Feb 25 12:24 UTC] No.43113870[source]
Looks great! Reading through the docs it seems the subtrace process sends all data to your server. I'm reluctant to do that on a production environment, where API keys and personal data are being handled.

Is there any way to run it completely self hosted? If not, are there plans? And how will you monitize self hosted options (if it's possible)?

replies(2): >>43115396 #>>43118227 #
2. ddelnano ◴[20 Feb 25 14:53 UTC] No.43115396[source]
Disclaimer: I'm a maintainer of the project

Pixie [1] is a similar project and offers the self hosted model you are looking for.

We also support 11 application protocols [2] with TLS handshake tracing and MQTT support coming soon (encrypted traffic tracing has been supported for a long time).

[1] https://px.dev

[2] https://docs.px.dev/reference/datatables/

replies(1): >>43115943 #
3. edoceo ◴[20 Feb 25 15:35 UTC] No.43115943[source]
From a dictionary: The meaning of DISCLAIMER is a denial or disavowal of legal claim : relinquishment of or formal refusal to accept an interest or estate.

Perhaps you meant DISCLOSURE

4. adtac ◴[20 Feb 25 18:24 UTC] No.43118227[source]
re self-hosting: yep! Use the -devtools flag to get a stripped down version of Subtrace running entirely locally:

    subtrace run -devtools=/subtrace -- python3 -m http.server
This starts a Python server on localhost:8000 but with Subtrace. Everything except /subtrace is forwarded to the Python server like usual, but if you go to http://localhost:8000/subtrace you should see the Chrome DevTools network tab running in the browser like a regular app. Any request you send to localhost:8000 + all outgoing requests made from inside the Python app will automatically appear in that dashboard!
replies(1): >>43127034 #
5. gerwim ◴[21 Feb 25 13:13 UTC] No.43127034[source]
That would work for a single instance, but when running multiple (e.g., you are horizontally scaled) it would not be ideal.

Is it possible to mimic "subtrace.dev"? There's the 'SUBTRACE_ENDPOINT' environment variable which can be used to set the target endpoint, but is the server side open source too? And does the license grant permission for self hosting the full stack?