Network Observability for SREs & AI Agents
Kubeshark captures cluster-wide network traffic at the speed and scale of Kubernetes, continuously, at the kernel level using eBPF. It consolidates a highly fragmented picture — dozens of nodes, thousands of workloads, millions of connections — into a single, queryable view with full Kubernetes and API context.
Network data is available to AI agents via MCP and to human operators via a dashboard.
What's captured, cluster-wide:
- L4 Packets & TCP Metrics — retransmissions, RTT, window saturation, connection lifecycle, packet loss across every node-to-node path (TCP insights →)
- L7 API Calls — real-time request/response matching with full payload parsing: HTTP, gRPC, GraphQL, Redis, Kafka, DNS (API dissection →)
- Decrypted TLS — eBPF-based TLS decryption without key management
- Kubernetes Context — every packet and API call resolved to pod, service, namespace, and node
- PCAP Retention — point-in-time raw packet snapshots, exportable for Wireshark (Snapshots →)
Get Started
helm repo add kubeshark https://helm.kubeshark.com
helm install kubeshark kubeshark/kubeshark
Dashboard opens automatically. You're capturing traffic.
Connect an AI agent via MCP:
brew install kubeshark
claude mcp add kubeshark -- kubeshark mcp
AI-Powered Network Analysis
Kubeshark exposes all cluster-wide network data via MCP (Model Context Protocol). AI agents can query L4 metrics, investigate L7 API calls, analyze traffic patterns, and run root cause analysis — through natural language. Use cases include incident response, root cause analysis, troubleshooting, debugging, and reliability workflows.
"Why did checkout fail at 2:15 PM?" "Which services have error rates above 1%?" "Show TCP retransmission rates across all node-to-node paths" "Trace request abc123 through all services"
Works with Claude Code, Cursor, and any MCP-compatible AI.
L7 API Dissection
Cluster-wide request/response matching with full payloads, parsed according to protocol specifications. HTTP, gRPC, Redis, Kafka, DNS, and more. Every API call resolved to source and destination pod, service, namespace, and node. No code instrumentation required.
L4/L7 Workload Map
Cluster-wide view of service communication: dependencies, traffic flow, and anomalies across all nodes and namespaces.
Traffic Retention
Continuous raw packet capture with point-in-time snapshots. Export PCAP files for offline analysis with Wireshark or other tools.
Features
| Feature | Description |
|---|---|
| Raw Capture | Continuous cluster-wide packet capture with minimal overhead |
| Traffic Snapshots | Point-in-time snapshots, export as PCAP for Wireshark |
| L7 API Dissection | Request/response matching with full payloads and protocol parsing |
| Protocol Support | HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more |
| TLS Decryption | eBPF-based decryption without key management |
| AI-Powered Analysis | Query cluster-wide network data with Claude, Cursor, or any MCP-compatible AI |
| Display Filters | Wireshark-inspired display filters for precise traffic analysis |
| 100% On-Premises | Air-gapped support, no external dependencies |
Install
| Method | Command |
|---|---|
| Helm | helm repo add kubeshark https://helm.kubeshark.com && helm install kubeshark kubeshark/kubeshark |
| Homebrew | brew install kubeshark && kubeshark tap |
| Binary | Download |
Contributing
We welcome contributions. See CONTRIBUTING.md.