Protocol Support
Kubeshark supports a comprehensive range of network protocols across multiple layers, from low-level transport protocols to application-layer APIs.
Supported Protocols
HTTP & Web Protocols
| Protocol | Version | Description |
|---|---|---|
| HTTP/1.0 | RFC 1945 | Original HTTP protocol |
| HTTP/1.1 | RFC 2616 | Persistent connections, chunked transfer |
| HTTP/2 | RFC 7540 | Multiplexed streams, header compression |
| WebSocket | RFC 6455 | Full-duplex communication over HTTP |
| GraphQL | HTTP/1.1 & HTTP/2 | Query language for APIs |
Messaging & Streaming
| Protocol | Description |
|---|---|
| Apache Kafka | Distributed event streaming platform |
| AMQP | Advanced Message Queuing Protocol (RabbitMQ) |
| Redis | In-memory data structure store protocol |
RPC & API Protocols
| Protocol | Description |
|---|---|
| gRPC | High-performance RPC over HTTP/2 |
Authentication Protocols
| Protocol | RFC | Description |
|---|---|---|
| LDAP | RFC 4511 | Lightweight Directory Access Protocol |
| RADIUS | RFC 2865 | Remote Authentication Dial-In User Service |
| DIAMETER | RFC 6733 | Authentication, Authorization, and Accounting |
Network & Transport Layer
| Protocol | RFC | Description |
|---|---|---|
| TCP | RFC 9293 | Transmission Control Protocol |
| UDP | RFC 768 | User Datagram Protocol |
| SCTP | RFC 4960 | Stream Control Transmission Protocol |
| DNS | RFC 1035 | Domain Name System |
| ICMP | RFC 792 | Internet Control Message Protocol |
Security Protocols
| Protocol | Description |
|---|---|
| TLS | Transport Layer Security with automatic decryption |
TLS Decryption
Kubeshark can intercept TLS-encrypted traffic without requiring access to private keys.
Kubeshark hooks into runtime cryptographic libraries to capture plaintext data at the application layer before encryption or after decryption:
| Library | Language/Platform |
|---|---|
| OpenSSL | C/C++, Python, Ruby, PHP, etc. |
| crypto/tls | Go applications |
| BoringSSL | Chrome, Android, etc. |
Service Mesh Integration
Kubeshark integrates seamlessly with service mesh solutions, displaying mTLS-encrypted traffic in plaintext:
Learn more about TLS decryption →
How Protocol Dissection Works
Kubeshark uses advanced packet capture technologies:
- Capture: eBPF and AF_PACKET capture Layer 4 traffic (TCP, UDP, SCTP)
- Identify: Protocol identification based on port numbers and payload inspection
- Dissect: Protocol-specific parsing reconstructs application-layer messages
- Enrich: Traffic is enriched with Kubernetes context (pods, services, namespaces)
If Kubeshark cannot identify the protocol, the traffic is discarded and not displayed. Only traffic from targeted pods is captured.