L4 to L7 Mapping

This feature is part of Kubeshark V2.00, scheduled to release in early 2026.

L4 (TCP or UDP) Connection

Each dissected API call now includes a reference to its corresponding L4 connection, which contains the raw packets of the traffic.

An L4 connection represents a stream of traffic between a source (identified by an IP) and a destination (identified by an IP and port). Each connection has a defined start and end, and a state: OPEN, CLOSED, or IN-PROGRESS. Connections include both ingress and egress raw packets, which can be downloaded as a PCAP file or viewed directly in Kubeshark’s new online PCAP viewer.

Online PCAP Viewer

While you can download the raw packets of any L4 connection as a PCAP file for inspection in Wireshark, Kubeshark also provides a built-in online PCAP Viewer for quick and easy packet analysis.

L4 to L7 Mapping

You can now view the relationship between all L7 API calls dissected from a specific L4 connection.

In the example above, all dissected Kafka API calls are associated with the first listed TCP connection. This functionality is accessible by clicking the L4 to L7 mapping icon: