ExtraHop - How it works. 

 

 



The ExtraHop system performs sophisticated network-traffic analysis to ensure that business-critical transactions do not fail. While many tools rely on legacy technologies, such as NetFlow collection, SNMP polling, custom performance agents, or active service checks, the ExtraHop system performs full-stream reassembly and full content analysis to extract and archive valuable performance and health metrics in a real-time datastore.

[Figure: ExtraHop architectural components]

Passive Deployment

 

The ExtraHop Application Delivery Assurance system is a passive network appliance that is easy to deploy. Fed by a network tap, SPAN port, VACL capture, or other data-access technology, the ExtraHop system sits out of line and analyzes a copy of the production network traffic in real time, extracting the valuable health and performance information. Rather than sampling a portion of network traffic, the ExtraHop system processes every packet at wire speed.


[Figure: ExtraHop deployment diagram]

Full-Stream Reassembly

While other products only inspect L4 headers, the ExtraHop system performs full-stream reassembly. With this approach, traffic flows are reconstructed so that the payload can be analyzed from L2 to L7. The ExtraHop system is purpose-built for production enterprise environments, supporting real-world traffic patterns such as IP fragments, out-of-order segments, and microbursts. When packet loss occurs on the monitoring link, the ExtraHop system resynchronizes and recovers.

Real-Time Datastore

The ExtraHop system includes a self-contained, streaming datastore for recording and retrieving performance and health metrics in real time. This real-time datastore bypasses the OS filesystem and accesses the underlying block devices directly. The ExtraHop system achieves levels of scalability that exceed those of other products that use conventional relational databases.