What Is Wire Data?

Wire data is the definitive source of truth for IT professionals seeking meaningful operational intelligence. Comprehensive, unrestricted wire data is a deep, rich source of insight that shows you precisely what is happening in your environment, right now! And, best of all, it is data you already have.

Wire Data Is…

… all L2-L7 communications between all systems on the network, including full bi-directional transactional payloads

… 1000x more robust (when unrestricted) than any other data source (such as machine or agent-based data)

… the observed behavior between systems, as compared to self-reported behavior (as with machine data)

Wire data analytics transforms raw packet data into structured wire data, as shown in this example payment processing transaction.

Requirements for Wire Data Analytics

Transforming raw wire data into valuable business and IT insight is no simple task. To perform wire data analytics, several capabilities are required:

  • Reassembly of all packets into per-client transactions, flows, and sessions.
  • Decoding of wire protocols—HTTP/S, MQ, SOAP, SQL, CIFS, LDAP, etc.—for application fluency.
  • Contextual analysis of this transactional information to understand the who, what, why, when, how, and where of the transaction. This includes correlated network, web, database, or storage performance and availability for clients and servers involved in the original transaction.
  • Integration with other analytic systems, such as those that make sense of machine data.
  • Programmability, so that IT organizations can define new metrics to answer ad hoc questions; IT organizations are not limited to the metrics that the vendor has defined for them.
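
The first two requirements can be seen in miniature in the added Python example below, which is not ExtraHop code: it reassembles reordered and retransmitted TCP segments into a stream, then decodes cleartext HTTP into one structured transaction record. All names and the sample capture are constructed for illustration, and it assumes one request per flow, known starting sequence numbers, and no sequence wraparound.

```python
from dataclasses import dataclass

@dataclass
class Segment:              # one captured TCP segment carrying payload
    ts: float               # capture timestamp, seconds
    src: str                # sender "ip:port"
    dst: str                # receiver "ip:port"
    seq: int                # sequence number of first payload byte
    payload: bytes

def reassemble(segments, first_seq):
    """Rebuild one direction's byte stream from unordered segments."""
    stream, next_seq = b"", first_seq
    for s in sorted(segments, key=lambda s: (s.seq, s.ts)):
        if s.seq > next_seq:                    # hole in the stream: stop, do not guess
            break
        fresh = s.payload[next_seq - s.seq:]    # drop bytes already seen (retransmit/overlap)
        stream += fresh
        next_seq += len(fresh)
    return stream

def http_transaction(capture, client, server, client_seq, server_seq):
    """Turn both directions of one flow into a structured transaction record."""
    req_segs = [s for s in capture if (s.src, s.dst) == (client, server)]
    rsp_segs = [s for s in capture if (s.src, s.dst) == (server, client)]
    req = reassemble(req_segs, client_seq)
    rsp = reassemble(rsp_segs, server_seq)
    method, uri, _ = req.split(b"\r\n", 1)[0].decode().split(" ", 2)
    status = int(rsp.split(b"\r\n", 1)[0].split(b" ")[1])
    # Processing time as observed on the wire: last request segment to first response segment.
    wait = min(s.ts for s in rsp_segs) - max(s.ts for s in req_segs)
    return {"client": client, "server": server, "method": method, "uri": uri,
            "status": status, "req_bytes": len(req), "rsp_bytes": len(rsp),
            "process_ms": round(wait * 1000, 1)}

# Constructed sample: one request split across two segments, reordered, one retransmitted.
REQ = (b"POST /pay/authorize HTTP/1.1\r\nHost: pay.example\r\n"
       b"Content-Length: 11\r\n\r\namount=4200")
RSP = b"HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n"
C, S = "10.0.0.5:51514", "10.0.0.9:8080"
CAPTURE = [
    Segment(0.0100, C, S, 1040, REQ[40:]),      # arrived before the first segment
    Segment(0.0110, C, S, 1040, REQ[40:]),      # retransmission of the same bytes
    Segment(0.0120, C, S, 1000, REQ[:40]),
    Segment(0.0560, S, C, 5000, RSP),
]

if __name__ == "__main__":
    print(http_transaction(CAPTURE, C, S, client_seq=1000, server_seq=5000))
```

The record reports the 502 and the server-side delay as observed between the two hosts, independent of what either host logged about itself.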

How ExtraHop Does Wire Data Analytics

ExtraHop unlocks the full potential of wire data, transforming it into real-time business and IT insight. The ExtraHop Context and Correlation Engine performs sophisticated wire data analytics at line rate—up to a sustained 20Gbps.

  1. SSL Decryption, TCP State Reconstruction, and Full-Stream Reassembly – Upon receiving wire data traffic, the ExtraHop platform recreates the TCP state machines for every endpoint and reconstructs sessions, flows, and transactions. If the traffic is encrypted, ExtraHop performs bulk decryption at line rate so that it can reassemble the full streams.
  2. L2-L7 Content Analysis and Intelligent Protocol Framework – ExtraHop then analyzes the payload and content from L2-L7, extracting application-level metrics and sophisticated infrastructure, network, and transaction metrics for all tiers.
  3. Device and Application Auto-Discovery and Classification – ExtraHop discovers and classifies devices based on ongoing heuristic analysis of MAC addresses, IP addresses, naming protocols, transaction types, and other elements.
  4. Streaming Datastore and Historical Trending and Alerting Engine – Metrics are written to a purpose-built streaming datastore that also powers trend-based alerts.
  5. API and Application Inspection Triggers – An open and extensible platform, ExtraHop includes a programmatic interface for its parsing engine for simple, rapid customization, and SDK documentation that enables IT teams to access the same API used by the ExtraHop web interface.
Read more about the real-time stream processor that powers the ExtraHop platform.

Why Is Wire Data Important?

The network is the common element that ties all components of the application delivery chain together, even as those components become more numerous and distributed. Each link in the application delivery chain interacts with other elements using transport and application protocols (Layers 2 through 7 of the OSI Model). These protocols definitively describe what is happening in the IT environment. The networking adage, “packets don’t lie,” applies here. Moreover, these protocols seldom change, making the network an ideal instrumentation point in increasingly heterogeneous and fluid environments.

Moreover, gathering data off the wire can be accomplished without invasive probes or agents that add overhead and complexity. For this reason, wire data is an ideal source of performance, availability, and security information for business-critical production environments where continuous monitoring of the entire environment is required.

Learn how IT organizations use wire data analytics to achieve measurable results by downloading the ExtraHop Overview White Paper.

In the video below, Jim Hutchins and Grant Dawson at T2 Systems explain the importance of wire data as an essential source of IT operational intelligence.