

PP062: Hunting for Host Security and Performance Issues with Stratoshark
May 13, 2025
Gerald Combs, CFO of the Wireshark Foundation and director of open source projects at Sysdig, shares his insights on Stratoshark, a tool designed to analyze system calls. He discusses how Stratoshark aids network, security, and application teams in diagnosing performance issues while investigating potential malware threats. The conversation highlights the tool's user-friendly design and its role in bridging communication between systems, touching on the importance of real-time monitoring and collaboration among teams for enhanced security.
AI Snips
System Calls Reveal System Activity
- System calls are the boundary between the operating system and programs, exposing every interaction a program has with hardware and OS resources.
- Analyzing them gives a rich source of information for understanding system and application behavior that goes beyond what network packets alone can show.
Apache Stats Files Excessively
- Gerald shared how an Apache process unexpectedly called "stat" on many files, illustrating that typical application behavior can be unknown even to its own developers.
- This highlights the value of Stratoshark for uncovering unexpected system call behavior so it can be optimized or fixed.
Use Sysdig, Falco with Stratoshark
- To analyze system calls, run Stratoshark on your desktop and use external tools such as Sysdig or Falco to capture the system calls on Linux hosts.
- Use Stratoshark's sshdig utility to fetch live capture data from remote systems over SSH for interactive analysis.