What Is Wire Data?

Information off the wire is the best source of cross-tier visibility and the basis for real-time IT operational intelligence. The information needed for operational intelligence has always existed on the wire, but previously was not available in real time or in a way that was easily understood. The ExtraHop platform introduces revolutionary wire data analysis capabilities that make it possible—for the first time—to fully analyze the wealth of data that passes over the wire in real time and present it in a way that makes sense for any IT Operations professional.

What is Wire Data?
Wire data is all L2-L7 communications between all systems, including full bi-directional transactional payloads.

Requirements for Wire Data Analytics

Transforming raw wire data into valuable business and IT insight is no simple task. To perform wire data analytics, several capabilities are required:

  • Reassembly of all packets into per-client transactions, flows, and sessions.
  • Decoding of wire protocols—HTTP/S, MQ, SOAP, SQL, CIFS, LDAP, etc.—for application fluency.
  • Contextual analysis of this transactional information to understand the who, what, why, when, how, and where of the transaction. This includes correlated network, web, database, or storage performance and availability for clients and servers involved in the original transaction.
  • Integration with other analytic systems, such as those that make sense of machine data.
  • Programmability, so that IT organizations can define new metrics to answer ad hoc questions; IT organizations are not limited to the metrics that the vendor has defined for them.

How ExtraHop Does Wire Data Analytics

ExtraHop unlocks the full potential of wire data, transforming it into real-time business and IT insight. The ExtraHop Context and Correlation Engine performs sophisticated wire data analytics at line rate—up to a sustained 20Gbps.

  1. SSL Decryption, TCP State Reconstruction, and Full-Stream Reassembly – Upon receiving wire data traffic, the ExtraHop platform recreates the TCP state machines for every endpoint and reconstructs sessions, flows, and transactions. If the traffic is encrypted, ExtraHop performs bulk decryption at line rate so that it can reassemble the full streams.
  2. L2-L7 Content Analysis and Intelligent Protocol Framework – ExtraHop then analyzes the payload and content from L2-L7, extracting application-level metrics and sophisticated infrastructure, network, and transaction metrics for all tiers.
  3. Device and Application Auto-Discovery and Classification – ExtraHop discovers and classifies devices based on ongoing heuristic analysis of MAC addresses, IP addresses, naming protocols, transaction types, and other elements.
  4. Streaming Datastore and Historical Trending and Alerting Engine – Metrics are written to a purpose-built streaming datastore that also powers trend-based alerts.
  5. API and Application Inspection Triggers – An open and extensible platform, ExtraHop includes a programmatic interface for its parsing engine for simple, rapid customization, and SDK documentation that enables IT teams to access the same API used by the ExtraHop web interface.
Read how each part of the ExtraHop Context and Correlation Engine works.

Learn how IT organizations use wire data analytics to achieve measurable results by downloading the ExtraHop Overview White Paper.

Why Is Wire Data Important?

The network is the common element that ties all components of the application delivery chain together, even as those components become more numerous and distributed. Each link in the application delivery chain interacts with other elements using transport and application protocols (Layers 2 through 7 of the OSI Model). These protocols definitively describe what is happening in the IT environment. The networking adage, “packets don’t lie,” applies here. Moreover, these protocols seldom change, making the network an ideal instrumentation point in increasingly heterogeneous and fluid environments.

Gathering data off the wire can also be accomplished without invasive probes or agents that add overhead and complexity. For this reason, wire data is an ideal source of performance, availability, and security information for business-critical production environments where continuous monitoring of the entire environment is required.

In the video below, Jim Hutchins and Grant Dawson at T2 Systems explain the importance of wire data as an essential source of IT operational intelligence.