At least on Linux it runs on eBPF sniffing so the chances of fudging something are lower. There are some supported Linux distributions where they also have a kernel module and there might a higher chance of that exploding.