Skip to main content

Data captured

Spider captures data in two ways:

  1. Network usage
  2. Network capture

Network usage

Network usage is the higher level capture available in Spider.
It captures all network communications, by in an aggregated way, for statistics and discovery.

Gociphers inject plugins in the Linux kernel using eBpf technology to trace all calls to TCP and UDP network requests.
They count how many bytes and network messages are exchanged between any IPs over a minute, and the data is then enriched by Controllers before being serialized in Spider back end.

NetworkUsage.png

Doing so, Spider is able to show all communications happening in a Kubernetes Cluster over time.
Those are one-minute based statistics since the amount is way too huge to store in details, but it offers a very nice way to discover your systems and to spot any wierd situation you may want to dig into.

Spider then allows you to attach a Whisperer to the Workloads that concern you, and to capture the network frames in details.

Accessing Network Usage

You access Network Usage in Spider UI by selecting the Controller deployed in the Kubernetes cluster you're interested in.

You will get access to the cluster map and be able to drill down.

ClusterMap.png

Available views

Two views of Network Usage are available:

  • NLS - Network Logical Structure
    • Displays a logical view of the cluster:
    • Namespaces
    • Parent workloads: Deployments, Daemonsets, Statefulsets, Cronjobs.
  • NPS - Network Physical Structure
    • Displays a physical view of the cluster
    • Nodes
    • Namespaces
    • Real workloads: Pods

Network Capture

Network Capture is the lower level capture available in Spider.
It captures the selected network frames of the workloads the Whisperers are attached to and send them to Spider back end.

You may attach a Whisperer to any Kubernetes workloads using the Controller, or as-code using side-car pattern.

You may also spin Whisperers outside the Kubernetes cluster, and attach them to any physical or network interface of any physical or virtual host.
Only Linux is supported for now. For lack of need to support other Operating Systems.

Whisperers listen to and capture packets from the Network Interfaces, track TCP sessions and Hostnames, and send the whole at high frequency to Spider backend.

NetworkCapture.png

Accessing Network Capture

You may access Network Capture in Spider UI by selecting the Whisperer(s) attached to the hosts of which data you are looking for.

You will get access to the network map and be able to analyse data exchanges.

NetworkMap.png

Available views

Three views of Network Capture are available:

  • IP packets (→ PACK)
  • TCP sessions
  • HTTP communications