Qtap

What is Qtap?

Qtap is a lightweight, high-performance probe that leverages Extended Berkeley Packet Filter (eBPF) technology to capture and analyze network traffic at the kernel level. Unlike traditional monitoring tools, Qtap can inspect SSL/TLS traffic without the need for certificate management or traffic decryption, providing a unique balance of deep visibility and operational simplicity.

Key Features

  1. Pre-encryption Traffic Capture: Qtap captures application traffic before encryption, allowing for detailed analysis without compromising security or requiring complex decryption processes.

  2. eBPF Technology: By utilizing eBPF, Qtap achieves high-performance, low-overhead monitoring directly within the Linux kernel.

  3. Flexible Deployment: Qtap can be easily deployed using various methods, including Linux binaries, Docker containers, and Kubernetes Helm charts, making it adaptable to diverse infrastructure environments.

  4. Comprehensive Traffic Analysis: Capture and analyze various aspects of egress traffic, including HTTP headers, payload sizes, and connection metadata.

  5. Configurable Monitoring: Tailor Qtap's behavior with fine-grained controls over what traffic to monitor, how to process it, and where to send the resulting data.

  6. Cloud-Native Integration: Designed to work seamlessly in modern, cloud-native environments, Qtap integrates well with containerized applications and microservices architectures.

  7. Audit Logging: Generate detailed audit logs of network activity, with options to include or exclude specific types of information, such as DNS queries.

How Qtap Works

Qtap operates by attaching eBPF programs to specific points in the kernel's network stack. This allows it to intercept and analyze network traffic at the socket level, before encryption occurs. The captured data is then processed according to user-defined rules and can be sent to various outputs for further analysis or storage.

By providing this level of visibility without the need for intrusive techniques like SSL/TLS termination, Qtap offers a unique solution that balances deep insights with operational efficiency and security.

In the following sections, we'll dive deeper into Qtap's installation, configuration, and usage, enabling you to harness its full potential for your egress traffic monitoring needs.

Language Support

  • Ruby

  • Python

  • Node.js

  • Go

Support for Java, .NET, and Erlang is coming soon.
