Show HN: Subtrace – Wireshark for Docker Containers

(github.com)

Comments

gerwim 20 February 2025
Looks great! Reading through the docs it seems the subtrace process sends all data to your server. I'm reluctant to do that on a production environment, where API keys and personal data are being handled.

Is there any way to run it completely self hosted? If not, are there plans? And how will you monetize self hosted options (if it's possible)?

qwertox 19 February 2025
Wireshark seems a bit misleading. More like a "network inspector" if one leans towards the browser's network tab in the inspector?

But it really looks useful and I'll definitely play with it to see if I put it into my toolbox.

jgauth 19 February 2025
Looks like it is for http requests only? If so, wireshark is not an apt comparison.
smw 19 February 2025
Can it decrypt tls? Perhaps by hooking the calls to common libraries?
johannes1234321 19 February 2025
From the video it seems the dashboard is hosted on sibtrace.dev. Is my data being sent there? That's an absolute no-go for me.
IggleSniggle 20 February 2025
My most painful debugging scenarios with Docker networking (for me) have always been dealing with non-TCP traffic. But still, this seems useful. One thing I don't understand is why this requires an account token? Does this require a network connection to subtrace? It seems like this should all be running locally, and these kinds of connection details are _exactly_ the kind I would not want to leave the host, let alone go to a third party.
mhils 20 February 2025
Congrats on the seccomp-based interception, that's a really neat way to solve this problem! We did some BPF_PROG_TYPE_CGROUP_SOCK eBPF shenanigans in mitmproxy for redirection, but that doesn't work with containers at all. Cool to see that intercepting all relevant syscalls works that well.
ksdme9 19 February 2025
Have not played around with it, but, curious, how does debugging on production work for a specific request/session? Can I filter by some sort of request trace id or something?
choilive 19 February 2025
Always wanted a tool like this. Will try it out next time I need to inspect traffic of a docker container.
parliament32 18 hours ago
So "tcpdump as a service"? Why wouldn't I just generate my own pcap and stick it into wireshark or whatever I like for looking at packet captures? I'm having trouble seeing the value prop here.
arguflow 19 February 2025
Very happy subtrace user here. Especially useful to possess the Server-Timing headers.
29athrowaway 19 February 2025
You can use mitmproxy and mitmweb to achieve the same. It is in Docker hub and you can pass environment variables to your other containers to make it work.

The TLS certificate setup is more tricky but that is always going to be a pain.

Burp Proxy is another great tool that is even more powerful but harder to set up.

Vordimous 20 February 2025
This will help those developers who don't want to navigate Wireshark's setup and just want the familiar Chrome DevTools. Very cool project!
kylegalbraith 20 February 2025
Do you envision going beyond just network calls from bpf?
Onkar-Hanchate 19 February 2025
Interesting! How does this handle latency? Does it introduce any noticeable delay?
thebabayaga29 20 February 2025
Cool product, I can imagine my engineers using it. Out of curiosity, how would you monetize that?
kristopolous 19 February 2025
stratoshark, the docker container part of wireshark, may be a better match for that description.

I'd probably use a postman related pitch instead. This is much closer to that and looks like a nice complement to that workflow

withinboredom 20 February 2025
We use https://treblle.com/ at work for this in production. Very handy to see what requests are being made and by whom.
sirjaz 20 February 2025
Any Windows Server support coming?
polithrow22 19 February 2025
anything similar for k8s?
rob_c 19 February 2025
or, there's you know... wireshark...
codegeek 19 February 2025
Side question. Why not do a Launch HN instead of Show HN since you are backed by YC ? I thought YC companies can do a launch HN?
vednig 19 February 2025
please add YC to the title