{"id":1579,"date":"2025-01-28T10:04:52","date_gmt":"2025-01-28T10:04:52","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/01\/28\/stratoshark-wireshark-has-got-a-friend-for-cloud\/"},"modified":"2025-01-28T10:04:52","modified_gmt":"2025-01-28T10:04:52","slug":"stratoshark-wireshark-has-got-a-friend-for-cloud","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/01\/28\/stratoshark-wireshark-has-got-a-friend-for-cloud\/","title":{"rendered":"Stratoshark \u2013 Wireshark Has Got a Friend for Cloud"},"content":{"rendered":"<p>Stratoshark \u2013 Wireshark Has Got a Friend for Cloud<\/p>\n<div>\n<p>The creators of Wireshark, Gerald Combs and Loris Degioanni, have unveiled Stratoshark, a groundbreaking tool designed to bring Wireshark\u2019s renowned capabilities into the cloud era.<\/p>\n<p>Building on over 25 years of experience with Wireshark, which has become a staple for network analysis with over 5 million daily users, Stratoshark aims to address the challenges of modern cloud environments by focusing on system call analysis.<\/p>\n<p>Wireshark, originally developed to democratize access to network-level visibility, transformed the industry by providing an affordable and intuitive solution for analyzing complex datasets. 
<\/p>\n<p>Stratoshark\u2019s key features include:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong>Familiar 3-Pane Interface<\/strong>: Navigate seamlessly between the big picture and detailed data, similar to Wireshark.<\/li>\n<li>\n<strong>Advanced Filtering<\/strong>: Leverage Wireshark\u2019s powerful filtering system to quickly pinpoint the information you need.<\/li>\n<li>\n<strong>Falco Integration<\/strong>: Effortlessly analyze captures triggered by Falco detections to streamline your security workflows.<\/li>\n<li>\n<strong>Customizable Displays<\/strong>: Adjust and tailor the interface to match your specific use case, just like in Wireshark.<\/li>\n<\/ul>\n<p>Now, Stratoshark applies the same principles to a new domain: troubleshooting and investigating activity in Linux-based systems, including containerized environments.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Stratoshark Tutorial: Getting Started with Gerald Combs\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/0CuCHkjgD2M?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div>\n<\/figure>\n<p>Stratoshark retains the core design elements that made Wireshark a success:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong>Three-Pane UI<\/strong>: Users can navigate between high-level overviews and detailed data seamlessly.<\/li>\n<li>\n<strong>Flexible Filtering<\/strong>: The tool leverages Wireshark\u2019s powerful filtering system for precise analysis.<\/li>\n<li>\n<strong>Customizable Displays<\/strong>: Like its predecessor, Stratoshark allows users to tailor the interface to their specific needs.<\/li>\n<\/ul>\n<p>However, Stratoshark is 
tailored for cloud environments, enabling users to capture and analyze Linux system activity such as file I\/O operations, command executions, network activity, and interprocess communication. This makes it an essential tool for troubleshooting performance issues and investigating security events.<\/p>\n<p>One of Stratoshark\u2019s standout features is its integration with Falco, an open-source runtime security tool. This allows users to analyze captures generated by Falco detections, streamlining workflows for security professionals and making it easier to identify and address potential threats.<\/p>\n<h2 class=\"wp-block-heading\"><strong>A New Era for Cloud Troubleshooting<\/strong><\/h2>\n<p>Stratoshark, a sibling to Wireshark, analyzes system calls and logs with a familiar interface. Instead of packets, it captures events like a curl download, showing system calls from library loading to server connections. <\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgCVT1ISK7F87QO7H730qDbwrwLZkpbQgumh8KJDcI_cZJdexJHFArAfH5KLqV2TGT8wTUDbKSxidICpI9RaJ07Vti0V2SxNQhmnSz_OrUJoffb5zqZZba4e0Oc64bPsWIxxOZ9I4qqdxlMnNSWGTYKViL-hwHMMQUcqtU0E9ORRVG0QAqnhKIzueKvyqFV\/s16000\/stratoshark-0.9.0-curl.png?ssl=1\" alt=\"\"><figcaption class=\"wp-element-caption\">Stratoshark<\/figcaption><\/figure>\n<p>Details such as process name, user, file paths, and more are displayed. For instance, selecting an event that reads a dynamic library reveals both the system call and the dissected executable header within the library.<\/p>\n<p>Combs and Degioanni emphasized that Stratoshark is built on the same philosophy that drove Wireshark\u2019s success: making powerful tools accessible and intuitive. 
<\/p>\n<p>\u201cModern cloud-based applications generate overwhelming amounts of data,\u201d they <a href=\"https:\/\/sysdig.com\/blog\/stratoshark-extending-wiresharks-legacy-into-the-cloud\/\" target=\"_blank\" rel=\"noreferrer noopener\">noted<\/a>. \u201cStratoshark provides everything you need in a single capture.\u201d<\/p>\n<p>For those familiar with Wireshark\u2019s workflows, Stratoshark will feel like home. Its panels, shortcuts, and display filter language mirror those of its predecessor, ensuring a smooth transition for existing users. <\/p>\n<p>With Stratoshark, DevOps teams can:<\/p>\n<p>\u2022 Analyze cloud system calls and logs with Wireshark-like granularity.<br \/>\u2022 Bridge the visibility gap between traditional networks and dynamic cloud workloads.<br \/>\u2022 Combine Wireshark\u2019s rich insights with Falco\u2019s real-time cloud security.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"StratoShark Demo\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/Uz97DZmwRSM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div>\n<\/figure>\n<p>For newcomers, the creators believe Stratoshark will be just as transformative as Wireshark has been for network analysis.<\/p>\n<p>Stratoshark is now available for download. For more information about its features or to get started, visit the official website. 
<\/p>\n<p>With Stratoshark, Combs and Degioanni hope to redefine <a href=\"https:\/\/jeclark.net\/articles\/getting-started-with-stratoshark\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">how cloud system troubleshooting is approached<\/a>, just as they did with network analysis decades ago.<\/p>\n<p>Stratoshark inherits much of Wireshark\u2019s user interface and workflows, offering a three-pane design that allows users to navigate high-level summaries while diving into detailed event data. <\/p>\n<p>This familiarity ensures that existing Wireshark users can easily transition to Stratoshark while extending their expertise into cloud environments. Key features include:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong>System Call Analysis<\/strong>: Capture and dissect system-level activities in Linux environments.<\/li>\n<li>\n<strong>Falco Integration<\/strong>: Analyze alerts generated by Falco for streamlined security workflows.<\/li>\n<li>\n<strong>Customizable Displays<\/strong>: Tailor views to specific use cases, just like in Wireshark.<\/li>\n<li>\n<strong>Open-Source Foundation<\/strong>: Built on eBPF technology for efficient data collection from the Linux kernel.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Addressing Cloud Complexity<\/strong><\/h2>\n<p>Cloud-native environments introduce challenges such as distributed workloads, ephemeral containers, and complex networking setups like Kubernetes service meshes. <\/p>\n<p>Stratoshark is designed to be agnostic to these complexities, focusing instead on endpoint-level data collection. This makes it particularly useful for diagnosing issues like Kubernetes CrashLoopBackOff errors or analyzing containerized application behavior.<\/p>\n<p>\u201cWireshark users live by the phrase \u2018pcap or it didn\u2019t happen,\u2019 but until now cloud packet capture hasn\u2019t been easy or even possible,\u201d said Gerald Combs, co-creator of Wireshark and Stratoshark. 
\u201cStratoshark helps unlock this level of visibility.\u201d<\/p>\n<p>Stratoshark is part of the broader\u00a0<strong><a href=\"https:\/\/medium.com\/@nigel.douglas\/how-to-capture-an-scap-for-stratoshark-826d194ef52a\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">scap ecosystem<\/a><\/strong>, which includes tools like Sysdig OSS for command-line syscall monitoring and Falco for runtime security.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi6x-Xr8Nq-YnG9AxWEB7zKP4-OFLboGeglY156W2hglQTWDq3fVnv3Nlfx0UjTKno3jintbo0lnJcn4fWqa5g7MaHBUyKdIscFN_oEJYAMNN58UNG1gaDQxAuW8IFASJIPNZzSg7KYhmrXmAijv11h4e0prMYDeiD1VLZgujMqWmDaXi7IKw-qsLlo3uw_\/s16000\/libscap-libsinsp-ecosystem%2520%281%29.png?ssl=1\" alt=\"Stratoshark\"><\/figure>\n<p>This ecosystem mirrors the success of the pcap ecosystem centered around libpcap that made tools like Wireshark interoperable with others such as Zeek, Snort, and nmap.<\/p>\n<p>By combining Wireshark\u2019s intuitive workflows with Falco\u2019s real-time cloud-native security capabilities, Stratoshark empowers network professionals to extend their skills to modern infrastructure. You can download Stratoshark and <a href=\"https:\/\/stratoshark.org\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">learn more at the website<\/a>.<\/p>\n
<p>The post <a href=\"https:\/\/cybersecuritynews.com\/stratoshark\/\">Stratoshark \u2013 Wireshark Has Got a Friend for Cloud<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Balaji N<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stratoshark \u2013 Wireshark Has Got a Friend for Cloud The creators of Wireshark, Gerald Combs and Loris Degioanni, have unveiled Stratoshark, a groundbreaking tool designed to bring Wireshark\u2019s renowned capabilities into the cloud era. 
Building on over 25 years of experience with Wireshark, which has become a staple for network analysis with over 5 million [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,647],"tags":[130],"class_list":["post-1579","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-what-is","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1579"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=1579"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1579\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=1579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=1579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=1579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}