AI-Powered Network Observability

Think Wireshark—reimagined for Kubernetes: deployed cluster-wide, continuously capturing and analyzing traffic in real time.

Kubeshark delivers cluster-wide, real-time, identity-aware, protocol-level visibility into both L4 and L7 (API) traffic, including encrypted (TLS) payloads, as it enters, exits, and flows through containers, pods, namespaces, nodes, and clusters.

Protocol Support

Kubeshark leverages advanced packet capture technologies such as eBPF and AF_PACKET to capture Layer 4 traffic (TCP, UDP, SCTP) across the cluster, reconstructing it into application-layer protocols. Supported protocols include:

Kubeshark can intercept TLS-encrypted traffic inside the cluster without requiring access to private keys by hooking into runtime cryptographic libraries such as OpenSSL, Go’s crypto/tls, and BoringSSL. This technique captures plaintext data at the application layer before encryption or after decryption.

Kubeshark also integrates seamlessly with service mesh solutions such as Istio, Linkerd, and others, displaying mTLS-encrypted traffic in plaintext.


Traffic Recording and Offline Analysis

For issues that are not immediately apparent during live monitoring, you can schedule traffic captures or trigger recording based on specific events. Captured traffic can be analyzed offline and exported to immutable storage solutions (e.g., AWS S3, GCS) for long-term retention and compliance purposes.


L7 API Dissection

Kubeshark performs L7 API dissection, enriching captured traffic and payloads with full Kubernetes context (e.g., workload identities, namespaces, pods, nodes, and services) as well as API context (e.g., request/response correlation, endpoints, status codes, headers, and payloads).