What's really happening in your cloud?
Stratoshark lets you explore and analyze applications at the system call level using a mature, proven interface based on Wireshark. Created for the community by Sysdig.
News
Stratoshark: Extending Wireshark's legacy into the cloud
Blog post by Gerald Combs and Loris Degioanni
Those Aren't Packets: How Stratoshark Brings the Power of Wireshark to the Cloud
Blog post by Gerald Combs
How to capture an SCAP for Stratoshark
Blog post by Nigel Douglas
Getting Started With Stratoshark
Blog post by Josh Clark
Download
The latest release of Stratoshark is 0.9.0. You can get it at the following locations:
- Windows x64 installer
- Windows Arm64 installer
- macOS Arm disk image
- macOS Intel disk image
- Source code
Learn
Stratoshark lets you explore and investigate the application-level behavior of your systems. You can capture system call and log activity and use a variety of advanced features to troubleshoot and analyze that activity. If you've ever used Wireshark, Stratoshark will look very familiar! It's a sibling application that shares the same dissection and filtering engine and much of the same user interface. It supports the same file format as Falco and Sysdig CLI, which lets you pivot seamlessly between each tool. As an added bonus, it's open source, just like Wireshark and Falco.
Getting Started With Stratoshark, blog post by Josh Clark
How to capture an SCAP for Stratoshark, blog post by Nigel Douglas
Troubleshooting CrashLoopBackOff with Stratoshark, blog post by Nigel Douglas
Stratoshark remote capture tutorial, blog post by Philippe Bogaerts
Videos
Get Help
The #stratoshark channel on the Wireshark Discord server