Go deeper: Linux runtime visibility meets Wireshark
ID: 69348bab-3d40-578f-9704-c1fe835d6c62
STIX ID: report--69348bab-3d40-578f-9704-c1fe835d6c62
Feed Name: Aqua Security Blog
Traceeshark is a Wireshark plugin that brings Tracee's eBPF-based Linux runtime security events into Wireshark for interactive analysis, live capture, and correlation of host events with network traffic. The blog details installation and features (readers, dissectors, live capture), then demonstrates using Traceeshark to analyze the HeadCrab Redis-targeting malware. It highlights detections such as fileless memfd execution, dropped files, redirected I/O (remote shell), and process/network correlation, while emphasizing improved analyst workflows and artifact retrieval.
