> For the complete documentation index, see [llms.txt](https://docs.qpoint.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.qpoint.io/readme/why-another-agent.md).

# Why another Agent?

Qpoint operates directly on your Linux application servers through our Qtap eBPF sensor. This host-based approach is fundamental to providing the deep visibility and process-level traffic attribution that makes Qpoint powerful.

## The Power of Being Local

Operating directly on the host gives us several key advantages:

* **Process Attribution**: We can see exactly which processes are making external calls
* **Pre-Encryption Visibility**: Access to traffic before TLS encryption occurs
* **Container and Pod Context**: Direct access to container runtime information
* **Efficient Operation**: Minimal overhead by operating at the source
* **No Network Changes**: No need to redirect traffic or modify network architecture

## Technical Foundation

### eBPF Technology

At the heart of Qtap is eBPF (Extended Berkeley Packet Filter), a powerful Linux kernel technology that allows us to:

* Execute programs safely within kernel space
* Attach to specific kernel functions and events
* Access network events and socket operations
* Collect detailed process and connection information

### Kernel Integration Points

Qtap taps into several key areas of the Linux kernel:

1. **Network Stack**
   * Socket operations
   * TCP/IP protocol events
2. **Process Context**
   * Process creation and execution
   * Container runtime details
3. **TLS/SSL Libraries**
   * OpenSSL function calls
   * GoTLS operations
   * NodeTLS interactions
   * Java 11 - 21

## Linux-Centric Design

Qtap is specifically designed for Linux environments because:

* eBPF is a Linux kernel technology
* Most cloud-native workloads run on Linux
* Linux provides rich kernel instrumentation capabilities
* Strong container and orchestration support

## Operating Modes

Qtap can operate in two primary modes:

1. **Native TLS Introspection**
   * Direct integration with SSL/TLS libraries
   * Works with OpenSSL, GoTLS, and NodeTLS
   * No configuration changes needed
2. **Egress Controller**
   * Support for other runtimes
   * Simple environment variable configuration
   * Local certificate injection
