Show HN: Trayce – Network tab for Docker containers
Trayce is a tool for intercepting HTTP(S) requests in Docker containers, using eBPF probes. It supports various languages and protocols, with beta versions available for Mac and Linux.
Trayce is a tool designed to intercept HTTP(S) requests to and from Docker containers in local development environments. It operates by running the TrayceAgent container alongside existing containers, utilizing eBPF probes to capture network requests, which are then displayed in a graphical user interface (GUI). The tool currently supports HTTP and HTTPS protocols, particularly for languages such as Go and OpenSSL-based languages like Python and Ruby. Future updates are expected to include support for additional protocols such as WebSockets, gRPC, MySQL, Postgres, MongoDB, Redis, and Kafka. Trayce is aimed at backend developers, QA engineers, and testers who wish to monitor and analyze the network activity within their Docker containers. The software is available for download in beta versions for Mac and Linux, with a Windows version anticipated in the future. Users can also build the software from source if desired.
Related
Trealla Prolog: Compact and efficient Prolog interpreter
Trealla Prolog is a compact interpreter written in C, compliant with ISO Prolog. It supports unbounded integers, UTF-8 atoms, efficient strings, and runs on Linux, Android, and WebAssembly. It offers C integration, SQLite access, concurrency features, and experimental functionalities. The project is open source under the MIT license.
Show HN: Xcapture-BPF – like Linux top, but with Xray vision
0x.tools simplifies Linux application performance analysis without requiring upgrades or heavy frameworks. It offers thread monitoring, CPU usage tracking, system call analysis, and kernel wait location identification. The xcapture-bpf tool enhances performance data visualization through eBPF. Installation guides are available for RHEL 8.1 and Ubuntu 24.04.
Show HN: TraceLens Visualizing Distributed Systems
TraceLens is a user-friendly OpenTelemetry UI acting as a Collector for data storage. Free during beta, it offers visualization tools and plans a subscription model for commercial use. Contact Asynkron AB for details.
Inspect TLS encrypted traffic using mitmproxy and Wireshark
The article details inspecting TLS traffic with mitmproxy and Wireshark, highlighting challenges and setup steps. It explains using wireguard-tools for connection and decrypting traffic for real-time validation. The author encourages community engagement.
Capturing Linux SSL/TLS plaintext without a CA certificate using eBPF
The GitHub repository contains eCapture, a tool for capturing SSL/TLS text content without a CA certificate using eBPF. It includes modules for Golang, MySQL, PostgreSQL, and bash commands. Detailed documentation available.
- Users express excitement about Trayce's capabilities and its potential for monitoring and analytics integration.
- Concerns are raised about compatibility issues, particularly with multi-architecture support on Apple Silicon devices.
- Suggestions for enhancements include creating a Docker extension and contributing to macports.
- Some users inquire about its applicability beyond Docker containers, such as with microservices and different network drivers.
- There is interest in a user-friendly interface for network logs, similar to existing developer proxies.
Just one problem I noticed immediately that prevents me from using this: the docker agent container[1] isn't multi-architecture, which will be an issue on Apple Silicon devices. This is something I have some experience setting up if you are looking for help, though it will take some research to figure out how to get going in GitHub Actions etc.
1: https://github.com/evanrolfe/trayce_agent/
EDIT: quick search found this post, tested on a side project repo it works great: https://depot.dev/blog/multi-platform-docker-images-in-githu...
libbpf: sec '.reluprobe/gotls_exit_read_register': relo #5: insn #148 against 'active_go_read_args_map'
libbpf: prog 'probe_exit_go_tls_read': found map 17 (active_go_read_args_map, sec 30, off 528) for insn #148
libbpf: Error in bpf_object__probe_loading():Function not implemented(38). Couldn't load trivial BPF program. Make sure your kernel supports BPF (CONFIG_BPF_SYSCALL=y) and/or that RLIMIT_MEMLOCK is set to big enough value.
libbpf: failed to load object 'main.bpf.o'
failed to load BPF object: function not implemented
One thing that we've been craving for our infrastructure is something like Little Snitch for containers. We make extensive use of third party containers and have been very concerned about any sort of data exfiltration attempts via supply chain attacks. We have a pile of iptable rules right now, but they're error prone and difficult to rationalize about. If we had something like Little Snitch where we would get the feed of connections and allow us to approve/reject them, it would make us all sleep a lot better.
Best of luck with your endeavors!
> It uses EBPF to achieve zero-configuration sniffing of TLS-encrypted traffic.
Can someone ELI5 this?