Sake Blok - Stratoshark: Wireshark for system calls
Abstract
Gerald, the creator of Wireshark, has been working on a new tool that has just been released to the public: Stratoshark. It has the same look and feel of Wireshark (as it shares quite a bit of common code), but you can analyze (linux) system calls and (cloud) logs with it.
As per www.stratoshark.org: Stratoshark lets you explore and investigate the application-level behavior of your systems. You can capture system call and log activity and use a variety of advanced features to troubleshoot and analyze that activity. If you’ve ever used Wireshark, Stratoshark will look very familiar! It’s a sibling application that shares the same dissection and filtering engine and much of the same user interface. It supports the same file format as Falco and Sysdig CLI, which lets you pivot seamlessly between each tool. As an added bonus, it’s open source, just like Wireshark and Falco.
This talk will give you an introduction to Stratoshark and some hints to get you started on your Stratoshark journey.
Biography
Sake has been analyzing packets for over 20 years. During his work, Sake started developing functionality for Wireshark while working with the analyzer in his day-to-day job. He also enhanced multiple protocol dissectors. In 2007, Sake joined the Wireshark Core Development team. In 2009, After working for a reseller of networking equipment for 8 years, he started the company SYN-bit to provide network analysis and training services to enterprises across Europe.