Sign up to save your podcasts
Or
Share Heavy Networking 454: Analyzing Encrypted Traffic In The TLS 1.3 Era With ExtraHop (Sponsored)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Heavy Networking 454: Analyzing Encrypted Traffic In The TLS 1.3 Era With ExtraHop (Sponsored)
Deep packet analysis at line rate is a complex claim. What do we mean when we say, “Deep”? Assuming we mean layer 7 payloads…which protocols? Some of them? All of them?
What if the packet is encrypted? What if we’re a dual-stacked IPv4 and IPv6 network?
And what do we mean when we say, “Line rate”? We’re at speeds of 400Gbps now. So, which lines are we talking, and how many of them?
By the way, if we’re analyzing packets at line rate, where are we keeping them? Do we have to build a massive storage array?
None of these problems are new, and the more data we put on the network, the more challenging line rate deep packet inspection becomes. Today we take a stab at it with our sponsor ExtraHop.
Our guest is Mike Ernst, VP of Sales Engineering at ExtraHop. Mike has promised to put his engineering hat on today and keep his inner salesperson in the background.
We discuss:
* Commercial tools vs. Wireshark
* The packet capture architecture required to get “every packet and transaction”
* ExtraHop’s appliance family
* How ExtraHop gets packets from the public cloud
* Real-time analysis vs. investigating stored packets
* Differences among flow data, telemetry, and full packet capture
* How ExtraHop deals with encrypted traffic
* Why an agent is required to decrypt TLS 1.3 traffic
Show Links:
ExtraHop
ExtraHop.com/packetpushers
Follow ExtraHop on Twitter
View all episodes
By Packet Pushers
4.9
324324 ratings
Deep packet analysis at line rate is a complex claim. What do we mean when we say, “Deep”? Assuming we mean layer 7 payloads…which protocols? Some of them? All of them?
What if the packet is encrypted? What if we’re a dual-stacked IPv4 and IPv6 network?
And what do we mean when we say, “Line rate”? We’re at speeds of 400Gbps now. So, which lines are we talking, and how many of them?
By the way, if we’re analyzing packets at line rate, where are we keeping them? Do we have to build a massive storage array?
None of these problems are new, and the more data we put on the network, the more challenging line rate deep packet inspection becomes. Today we take a stab at it with our sponsor ExtraHop.
Our guest is Mike Ernst, VP of Sales Engineering at ExtraHop. Mike has promised to put his engineering hat on today and keep his inner salesperson in the background.
We discuss:
* Commercial tools vs. Wireshark
* The packet capture architecture required to get “every packet and transaction”
* ExtraHop’s appliance family
* How ExtraHop gets packets from the public cloud
* Real-time analysis vs. investigating stored packets
* Differences among flow data, telemetry, and full packet capture
* How ExtraHop deals with encrypted traffic
* Why an agent is required to decrypt TLS 1.3 traffic
Show Links:
ExtraHop
ExtraHop.com/packetpushers
Follow ExtraHop on Twitter
More shows like Heavy Networking
View all
The Cloudcast
153 Listeners
The Everything Feed - All Packet Pushers Pods
194 Listeners
The Fat Pipe - Most Popular Packet Pushers Pods
70 Listeners
Network Break
101 Listeners
Tech Bytes
5 Listeners
IPv6 Buzz
33 Listeners
Day Two DevOps
15 Listeners
The Hedge
15 Listeners
The Art of Network Engineering
81 Listeners
Heavy Strategy
27 Listeners
Heavy Wireless
9 Listeners
Packet Protector
6 Listeners
Network Automation Nerds
2 Listeners
Technically Leadership
0 Listeners
Total Network Operations
3 Listeners
N Is For Networking
10 Listeners