I've had folks ask multiple times recently for help understanding and visualizing communications which ExtraHop doesn't parse out of the box. To that end, I put together a device-level page which charts some of those key metrics at the transport:port level.
Say, for example, that you want to visualize tcp:23 (telnet) communications over time. The bundle (page) JSON attached provides that ability, charting:
1. telnet: Traffic In/Out
2. telnet: Receive Window
3. telnet: Throttling Zero Windows In/Out - Nagle Delays
4. telnet: Retransmission Time-outs
5. telnet: Turns
6. telnet: Request Transfer / Server Processing / Response Transfer times
7. telnet: Request / Response sizes
8. TCP Round Trip times

You can use this page for any protocol transport:port.
First, in the attached JSON bundle file, globally replace tcp:23 with the L7 spec of your choice (transport:port, L7 protocol spec, or custom protocol name map).
Second, in the attached JSON bundle file, globally replace Telnet with the name of the communication, which is your choice as well.
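The two replacements above can be scripted so that the result is still valid JSON and tcp:23 is not also rewritten inside a longer port such as tcp:2323. This is an added example, not part of the original post or of ExtraHop's tooling; the function name, the sample bundle layout, and the case-insensitive match on the name are assumptions.

```python
import json
import re


def retarget_bundle(bundle_text, new_spec, new_name,
                    old_spec="tcp:23", old_name="telnet"):
    """Rewrite every key and string value in a bundle; return (json_text, hits)."""
    # Whole-token match: tcp:23 must not be followed by another digit,
    # otherwise tcp:2323 or tcp:230 would be rewritten too.
    spec_re = re.compile(r"(?<!\w)" + re.escape(old_spec) + r"(?!\d)")
    # Assumption: match Telnet/telnet/TELNET alike, since the chart titles
    # listed in the post are lowercase while the instruction says "Telnet".
    name_re = re.compile(r"\b" + re.escape(old_name) + r"\b", re.IGNORECASE)
    hits = 0

    def fix(text):
        nonlocal hits
        # Callables avoid backslash/group interpretation in the new values.
        text, n_spec = spec_re.subn(lambda m: new_spec, text)
        text, n_name = name_re.subn(lambda m: new_name, text)
        hits += n_spec + n_name
        return text

    def walk(node):
        if isinstance(node, dict):
            return {fix(key): walk(value) for key, value in node.items()}
        if isinstance(node, list):
            return [walk(item) for item in node]
        return fix(node) if isinstance(node, str) else node

    # json.loads raises on a malformed bundle before anything is rewritten.
    return json.dumps(walk(json.loads(bundle_text)), indent=2), hits


# Constructed sample for illustration only; NOT the real ExtraHop bundle schema.
SAMPLE = json.dumps({
    "name": "Telnet Device Page",
    "charts": [
        {"title": "telnet: Traffic In/Out", "spec": "tcp:23"},
        {"title": "Unrelated", "spec": "tcp:2323"},
    ],
})

if __name__ == "__main__":
    text, hits = retarget_bundle(SAMPLE, "tcp:22", "SSH")
    print(f"{hits} replacements")
    print(text)
```

To use it on the downloaded bundle, read the file into a string, pass it to `retarget_bundle`, and write the returned text to a new file before uploading.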
Pro Tip (even for me) from Professor Green:
To install a bundle (JSON file) like the one referenced here, download the file to your local PC, then use the ExtraHop interface to upload, apply, and assign the bundle.
- Navigate to Settings => Bundles
- Click the Upload button
- Browse to and select the JSON file you just downloaded
- Upload the file
- Before you close the dialog, click Apply to restore the Bundle components to your ExtraHop.
- Assign the page to any devices for which you would like this visualization using the green + button on the device's metadata page, or add it to a group or list of devices using the Action dropdown in most any device list page.