Kubeshark FAQs

Name: Kubeshark
Author: kubeshark

Question 1

How does Kubeshark capture and decrypt network traffic?

Accepted Answer

Kubeshark utilizes eBPF at the kernel level to capture continuous, cluster-wide network traffic with minimal overhead. It also performs eBPF-based TLS decryption without requiring any key management, allowing visibility into encrypted communications.

Question 2

Is it possible to export captured network traffic from Kubeshark?

Accepted Answer

Absolutely. Kubeshark offers continuous raw packet capture with the ability to create point-in-time traffic snapshots. These snapshots can be easily exported as standard PCAP files, allowing for offline analysis with tools like Wireshark.

Question 3

What is Kubeshark and what problem does it solve?

Accepted Answer

Kubeshark is an advanced network observability tool for Kubernetes clusters. It solves the challenge of gaining deep network visibility by capturing cluster-wide L4 packets and dissecting L7 API calls, providing full Kubernetes context for troubleshooting, incident response, and performance analysis.

Question 4

What kind of data can Kubeshark analyze?

Accepted Answer

Kubeshark analyzes both L4 packets (providing TCP metrics like retransmissions, RTT, packet loss) and L7 API calls, offering real-time request/response matching with full payload parsing for protocols like HTTP, gRPC, GraphQL, Redis, Kafka, and DNS. All data is resolved with Kubernetes context.

Question 5

Can Kubeshark integrate with AI for network analysis?

Accepted Answer

Yes, Kubeshark exposes all cluster-wide network data via its Model Context Protocol (MCP). This enables AI agents (like Claude, Cursor, or any MCP-compatible AI) to query, analyze traffic patterns, and perform root cause analysis using natural language prompts.

Kubeshark

Kubeshark

主な機能

ユースケース

主な機能

ユースケース