from Hacker News

Show HN: Stratoshark, a sibling application to Wireshark

by geraldcombs on 1/22/25, 3:25 PM with 50 comments

Hi all, I'm excited to announce Stratoshark, a sibling application to Wireshark that lets you capture and analyze process activity (system calls) and log messages in the same way that Wireshark lets you capture and analyze network packets. If you would like to try it out you can download installers for Windows and macOS and source code for all platforms at https://stratoshark.org.

AMA: I'm the goofball whose name is at the top of the "About" box in both applications, and I'll be happy to answer any questions you might have.

  • by freedomben on 1/22/25, 5:56 PM

    Long, long time user of Wireshark and I instantly recognize your name. Thank you for all the great work over the years :-)

    Looks really awesome! I didn't see Linux installation instructions so clicked on the link to the source code, but it links to the Wireshark source[1]. Is Stratoshark part of the same repo as Wireshark? Is Linux supported by Stratoshark?

    [1]: https://gitlab.com/wireshark/wireshark

  • by observationist on 1/22/25, 6:51 PM

    The OP URL has been flagged as grayware by Palo Alto and is thus inaccessible to a large number of people, possibly indicating typosquatting, or being miscategorized?

    https://wiki.wireshark.org/Stratoshark is a good link for those who can't reach the stratoshark URL directly. The OP link may get recategorized and become accessible in the meantime.

  • by clbrmbr on 1/22/25, 7:13 PM

    Wireshark is to tcpdump as Stratoshark is to strace.

    Did I get the analogy right?

  • by pimlottc on 1/22/25, 6:25 PM

    The first section on the homepage doesn't give me a good sense of what the application does. The references to Wireshark suggest it has something to do with network traffic but that doesn't seem to be the case. It also talks about cloud but nothing seems to be cloud-specific?

  • by thesuitonym on 1/22/25, 8:46 PM

    Would I be right in assuming this is like Sysinternals procmon but with a better interface and for Linux?

  • by mdaniel on 1/22/25, 3:34 PM

    clickable link: https://stratoshark.org

    I found its man page in the repo which I found insightful https://gitlab.com/wireshark/wireshark/-/blob/ssv0.9.0/doc/m...

    and don't overlook this neato thing: https://gitlab.com/wireshark/wireshark/-/blob/ssv0.9.0/doc/m...

  • by tarasglek on 1/22/25, 8:20 PM

    It is not clear what the architecture for system-call capture is. Is it ptrace, ebpf or some custom thing or some combo? What is the overhead of running this?

    The tool looks really cool; hopefully it moves the UI state of the art beyond Windows xperf.

  • by beaugunderson on 1/25/25, 2:24 AM

    We have a Python application that we develop inside Docker on macOS using the `python:3.11-slim-bullseye` image that it would be great to generate scap files from for viewing with Stratoshark. I tried installing sysdig in that image but ran into kernel module errors when trying to run it. Should we expect that to work? Am I missing an easier method?

  • by zokier on 1/22/25, 8:34 PM

    Does sysdig (and Stratoshark by extension) still require a custom out-of-tree kernel module to function?

  • by idiotsecant on 1/23/25, 2:49 AM

    I just want to thank you for Wireshark. I use it almost every day when I'm troubleshooting why this or that piece of industrial controls hardware springs a leak in its bit plumbing.

    You have the rare distinction of developing a tool that will probably outlive us all. So, thanks!

  • by n1g3ld0uglas2 on 1/22/25, 3:33 PM

    Being able to use Wireshark in Kubernetes is super exciting. I can't wait to get started!

  • by imcritic on 1/22/25, 6:25 PM

    Can this program do more than just observe and trace what happens?

    Can one use it to set up some rule to suppress some of the syscalls sent to a specific process? Or alter them by some logic on the go?

  • by jcul on 1/23/25, 10:07 AM

    Wow, I've been a Wireshark user for many years; this is really exciting.

  • by zxvkhkxvdvbdxz on 1/23/25, 3:47 AM

    Here's an interview with Gerald about Stratoshark (9 min):

    https://www.youtube.com/watch?v=VjsmfuIqo8Q

  • by brutopia on 1/22/25, 7:51 PM

    How does it trace syscalls on macOS? Do you need to disable SIP?

  • by westurner on 1/22/25, 4:03 PM

    Re: custom fields in pcap traces and retis: https://github.com/retis-org/retis

  • by napolux on 1/22/25, 3:29 PM

    Having used Wireshark since I was a kid... this looks really promising.