Description
What a great time to be at ExtraHop! I'm Heath, a new Senior Technical Marketing Engineer. A Technical Marketing Engineer is a fancy name for a geek who likes people AND tech - we're a rare and fun bunch.
With the release of the ExtraHop 5.0 platform, we've added native support for DHCP. As a rite of passage, every TME has to cook up a new dashboard, get our feet wet with our amazing customers, and distribute the dashboard globally. I built a quick dashboard for discovering and analyzing communication and transactions related to DHCP.
The dashboard allows quick visibility into the operation of DHCP network services, provides a look at possible misconfigurations, and also monitors for rogue DHCP servers using a simple regular expression anyone can tailor to their needs.
I've provided a bundle with the DHCP dashboard and written some more in-depth explanations about what each area of the dashboard is attempting to accomplish in the text areas of the dashboard. Download the bundle and add it to your arsenal.
Until next time...happy Discovering, Exploring and Commanding your wire data!
As an aside, the rogue DHCP server metric filtering needs a little additional explanation to be useful in a particular environment and it involves regular expressions. Don't let this frighten you. If you're filtering just one known DHCP server IP address, you can enter it normally using the dashboard filter as a guide.
An example of an IP filter for a single IP address would be:
^((?!192\.168\.35\.2).)*$
However, if you need to enter multiple IPs, you can simply add them to the regular expression. To separate multiple IP addresses, add a vertical pipe (this character: |) between them.
An example of an IP filter for two IP addresses would be:
^((?!(192\.168\.35\.2|172\.2[0-9]\.[1-2]\.3)).)*$
The second entry in this filter matches 172 addresses such as 172.20.1.3 or 172.29.2.3. Any additional IP addresses also need a | between them to separate them.
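The two filters above, run over a constructed list of DHCP server IPs, as an added Python example (not part of the original dashboard bundle). It shows which servers each filter lets through as possible rogues, and that the filters match on substrings, so 192.168.35.25 is hidden along with 192.168.35.2. The anchored variant, and the assumption that the filtered value is exactly the server's IP string, are assumptions of this example; the dashboard's regex engine may also differ from Python's re module.

```python
import re

# Filters copied from the page: each matches a value that does NOT contain a known server IP.
PAGE_SINGLE = r"^((?!192\.168\.35\.2).)*$"
PAGE_MULTI = r"^((?!(192\.168\.35\.2|172\.2[0-9]\.[1-2]\.3)).)*$"

# Assumed stricter variant (not from the page): a value is only excluded when the
# known address is the WHOLE value, so 192.168.35.25 no longer hides behind 192.168.35.2.
ANCHORED_MULTI = r"^(?!(?:192\.168\.35\.2|172\.2[0-9]\.[1-2]\.3)$).*$"

# Constructed sample of server IPs seen answering DHCP requests.
OBSERVED = [
    "192.168.35.2",   # known server
    "172.20.1.3",     # known server (covered by the 172 range)
    "172.29.2.3",     # known server (covered by the 172 range)
    "192.168.35.25",  # unknown, but contains "192.168.35.2"
    "172.20.1.30",    # unknown, but contains "172.20.1.3"
    "10.0.0.53",      # unknown
    "172.30.1.3",     # unknown: 172.30 is outside 172.2[0-9]
]


def flagged(pattern, servers):
    """Return the server IPs the filter lets through, i.e. the possible rogues."""
    rx = re.compile(pattern)
    return [ip for ip in servers if rx.fullmatch(ip)]


def hidden_unknowns(pattern, servers, known):
    """Return servers that are not in the known list yet are suppressed by the filter."""
    shown = set(flagged(pattern, servers))
    return [ip for ip in servers if ip not in known and ip not in shown]


KNOWN = {"192.168.35.2", "172.20.1.3", "172.29.2.3"}

if __name__ == "__main__":
    for name, pat in [("page single", PAGE_SINGLE),
                      ("page multi", PAGE_MULTI),
                      ("anchored multi", ANCHORED_MULTI)]:
        print(f"{name:15} flagged: {flagged(pat, OBSERVED)}")
    print("hidden by page multi:", hidden_unknowns(PAGE_MULTI, OBSERVED, KNOWN))
```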