Want to see Kubeshark in action right now? Visit this live demo deployment of Kubeshark.

Kubeshark is a network observability platform for Kubernetes, providing real-time, protocol-level visibility into Kubernetes’ network. It enables users to inspect all internal and external cluster connections, API calls, and data in transit. Additionally, Kubeshark detects suspicious network behaviors, triggers automated actions, and provides deep insights into the network.

Think TCPDump and Wireshark reimagined for Kubernetes.

Download Kubeshark's binary distribution latest release or use one of the following methods to deploy Kubeshark. The web-based dashboard should open in your browser, showing a real-time view of your cluster's traffic.

Homebrew 🍺 users can install the Kubeshark CLI with:

brew install kubeshark
kubeshark tap

To clean up:

kubeshark clean

Add the Helm repository and install the chart:

helm repo add kubeshark https://helm.kubeshark.co
helm install kubeshark kubeshark/kubeshark

Follow the on-screen instructions how to connect to the dashboard.

To clean up:

helm uninstall kubeshark

Clone this repository and run the make command to build it. After the build is complete, the executable can be found at ./bin/kubeshark.

To learn more, read the documentation.

Record all cluster traffic and consolidate it into a single PCAP file (tcpdump-style).

Run Kubeshark to start capturing traffic:

kubeshark tap --set headless=true

You can press ^C to stop the command. Kubeshark will continue running in the background.

Take a snapshot of traffic (e.g., from the past 5 minutes):

kubeshark pcapdump --time 5m

Read more here.

We ❤️ pull requests! See CONTRIBUTING.md for the contribution guide.