# Stratoshark Extending Wireshark to System Calls and Logs

> [!note]-
> The content of this page is generated by audio/video transcription and text transformation from the content and links of this source.

Source: [https://fosdem.org/2025/schedule/event/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs/](https://fosdem.org/2025/schedule/event/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs/)

<video src="https://video.fosdem.org/2025/k1105/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs.av1.webm" controls></video>

## Summary & Highlights:

**Introduction to Stratoshark**

Stratoshark is a new tool that extends the capabilities of Wireshark, a well-known network packet analyzer, to system calls and logs. This innovation allows for deeper analysis and troubleshooting across Linux servers, Kubernetes clusters, and any system generating Linux system calls or real-time log events. By leveraging Falco’s libraries, Stratoshark enables users to apply Wireshark’s intuitive interface to a broader range of data types, enhancing cloud-native computing applications.

**Wireshark's Legacy and Stratoshark's Development**

Wireshark, originally known as Ethereal, has evolved significantly since its inception. It supports over 3,000 network protocols and has a vast user base. Stratoshark builds on this legacy by incorporating Wireshark’s dissection engine to analyze system calls, thereby providing a familiar user experience for developers and network analysts. The development of Stratoshark is driven by the need to apply Wireshark’s successful model to new data types, facilitated by Sysdig’s libraries such as libscap and libsinsp.

**Demonstration and Use Cases**

During the session, a live demonstration showcased Stratoshark’s capabilities, including its application to AWS audit events via the Falco plugin for CloudTrail. The tool allows for detailed inspection of system calls, enabling users to troubleshoot and analyze system behavior in real time. This functionality is particularly beneficial for environments using Kubernetes and cloud services, where understanding the interaction between applications and the operating system is crucial.

**Community and Future Development**

Stratoshark is still in its early stages, with version 0.9.0 reflecting its ongoing development. The project benefits from a strong community of contributors, similar to Wireshark, and is expected to grow with new features and improvements. Future releases aim to synchronize with Wireshark’s schedule, enhancing integration and usability across platforms. Community involvement is encouraged to expand Stratoshark’s capabilities and address current limitations, such as local capture on Windows and macOS.

**Challenges and Opportunities**

While Stratoshark opens new avenues for system analysis, challenges remain in terms of packaging and deployment, particularly for Linux distributions. The session highlighted the need for further development in areas like local capture support and efficient handling of large data volumes. Despite these challenges, Stratoshark represents a significant step forward in network and system analysis, offering valuable tools for developers and IT professionals.

## Importance for an eco-social transformation

Stratoshark's development is significant for eco-social transformation as it enhances the ability to analyze and optimize system performance, which can lead to more efficient use of resources. This is particularly relevant in cloud-native environments where resource allocation and management are critical. By providing deep insights into system calls and logs, Stratoshark can help identify inefficiencies and security vulnerabilities, contributing to more sustainable IT practices.

For eco-social designers, the tool offers a way to integrate network and system analysis into their projects, ensuring that digital infrastructures are both efficient and secure. However, challenges such as the need for extensive technical knowledge and potential privacy concerns regarding data analysis must be addressed. Additionally, fostering an open-source community around Stratoshark can promote collaborative development and innovation, aligning with the principles of open design and sustainable development.

## Links

[Stratoshark website](https://stratoshark.org)

[Stratoshark wiki page](https://wiki.stratoshark.org)

[Video recording (AV1/WebM)](https://video.fosdem.org/2025/k1105/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs.av1.webm)

[Video recording (MP4)](https://video.fosdem.org/2025/k1105/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs.av1.mp4)

[Video recording subtitle file (VTT)](https://video.fosdem.org/2025/k1105/fosdem-2025-4716-stratoshark-applying-the-power-of-wireshark-to-system-calls-and-logs.vtt)