One of the key new features in ExtraHop v4.0 is Universal Payload Analysis. With this advanced feature, we can now understand previously unsupported protocols. New methods and events introduced into Application Inspection Triggers grant you access to TCP and UDP payloads and let you parse those payloads. For more information on this feature, read the Universal Payload Analysis datasheet.
This bundle is an example of using Universal Payload Analysis to parse the DHCP protocol, store metrics for the activity, and chart that activity over time.
DHCP is short for Dynamic Host Configuration Protocol. IP networks use it to dynamically distribute networking configuration, such as IP addresses and hostnames, to hosts. For more information on DHCP, see the Wikipedia article on the protocol.
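What parsing DHCP out of a raw UDP payload involves, as an added example in plain JavaScript: it is not the trigger shipped in this bundle and uses no ExtraHop trigger API. The function names and the sample payload builder are constructed for illustration.

```javascript
// Added example: standalone DHCP payload parser (not the bundle's trigger code).
const MAGIC = 0x63825363; // RFC 2131 magic cookie, found at offset 236
const TYPES = [null, 'DISCOVER', 'OFFER', 'REQUEST', 'DECLINE', 'ACK', 'NAK', 'RELEASE', 'INFORM'];

function parseDhcp(payload) {
  // 236-byte BOOTP header + 4-byte cookie must be present before any option.
  if (!(payload instanceof Uint8Array) || payload.length < 240) return null;
  const view = new DataView(payload.buffer, payload.byteOffset, payload.byteLength);
  if (view.getUint32(236) !== MAGIC) return null;
  const hlen = Math.min(payload[2], 16); // chaddr is 16 bytes; clamp an oversized hlen
  const mac = Array.from(payload.subarray(28, 28 + hlen),
    b => b.toString(16).padStart(2, '0')).join(':');
  const msg = { xid: view.getUint32(4), mac, type: null, hostname: null };
  for (let i = 240; i < payload.length;) {
    const code = payload[i++];
    if (code === 0) continue; // pad option has no length byte
    if (code === 255) break;  // end option
    const len = payload[i++]; // undefined if the payload ends right after the code
    if (len === undefined || i + len > payload.length) return null; // truncated option
    const val = payload.subarray(i, i + len);
    if (code === 53 && len === 1) msg.type = TYPES[val[0]] || 'UNKNOWN';
    // Option 12 (hostname) is client-supplied text: keep printable ASCII only.
    if (code === 12) msg.hostname = Array.from(val,
      b => (b >= 0x20 && b < 0x7f ? String.fromCharCode(b) : '?')).join('');
    i += len;
  }
  return msg.type ? msg : null; // option 53 (message type) is mandatory in DHCP
}

// Per-message-type counters, with malformed payloads counted separately.
function countByType(payloads) {
  const counts = {};
  for (const p of payloads) {
    const m = parseDhcp(p);
    const key = m ? m.type : 'MALFORMED';
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed sample payload builder (test data, not captured traffic).
function buildSample(type, macBytes, hostname) {
  const name = Array.from(hostname, c => c.charCodeAt(0));
  const p = new Uint8Array(240 + 3 + 2 + name.length + 1);
  p.set([1, 1, 6, 0, 0xde, 0xad, 0xbe, 0xef]); // op, htype, hlen, hops, xid
  p.set(macBytes, 28);
  p.set([0x63, 0x82, 0x53, 0x63], 236);
  p.set([53, 1, type, 12, name.length, ...name, 255], 240);
  return p;
}
```

Counting malformed payloads in their own bucket keeps truncated or non-DHCP traffic on ports 67/68 visible instead of silently dropping it.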
What you get
- Triggers (1): DHCP Payload Analysis
- Pages (2): UPA - DHCP (dev) and UPA - DHCP (net)
- Dashboards (1): DHCP (UPA)
There are a few caveats of which to be aware:
- The trigger included in this bundle is quite large and complicated. If you choose to Assign to All, as suggested in the installation instructions, you will notice an increase in Trigger Executes and Trigger Load on the System Health page.
- Keep in mind that this bundle is just an example of what Universal Payload Analysis can do.
- We have not tested it at scale.
Download the bundle.
In the full product, import the bundle, then enable and assign the trigger and pages to whichever devices you'd like to monitor for DHCP activity. For most environments, you will likely want to Assign to All in order to see all of your DHCP traffic (including the broadcast DHCP DISCOVER messages). Once some DHCP traffic traverses the network, the chart on the 'UPA - DHCP' pages and 'DHCP (UPA)' dashboard should show activity.