Heavy Networking 454: Analyzing Encrypted Traffic In The TLS 1.3 Era With ExtraHop (Sponsored)


Summary: Deep packet analysis at line rate is a complex claim. What do we mean when we say “deep”? Assuming we mean layer 7 payloads, which protocols? Some of them? All of them?

What if the packet is encrypted? What if we’re a dual-stacked IPv4 and IPv6 network?

And what do we mean when we say “line rate”? We’re at speeds of 400Gbps now. So which lines are we talking about, and how many of them?

By the way, if we’re analyzing packets at line rate, where are we keeping them? Do we have to build a massive storage array?

None of these problems are new, and the more data we put on the network, the more challenging line rate deep packet inspection becomes. Today we take a stab at it with our sponsor ExtraHop (https://www.extrahop.com/).

Our guest is Mike Ernst, VP of Sales Engineering at ExtraHop. Mike has promised to put his engineering hat on today and keep his inner salesperson in the background.

We discuss:

* Commercial tools vs. Wireshark
* The packet capture architecture required to get “every packet and transaction”
* ExtraHop’s appliance family
* How ExtraHop gets packets from the public cloud
* Real-time analysis vs. investigating stored packets
* Differences among flow data, telemetry, and full packet capture
* How ExtraHop deals with encrypted traffic
* Why an agent is required to decrypt TLS 1.3 traffic

Show Links:

ExtraHop: https://www.extrahop.com/
ExtraHop.com/packetpushers: https://www.extrahop.com/packetpushers/
Follow ExtraHop on Twitter: https://twitter.com/ExtraHop