Install an SSD for Packet Capture on the ExtraHop Discover Appliance

This guide explains how to install the SSD for packet capture on the EH3000, EH6000, EDA 6100, EH8000, EDA 8100, and EDA 9100 ExtraHop Discover appliances.

Note: You must have write access to the ExtraHop Web UI and access to the ExtraHop Admin UI to complete the steps in this guide.

Install the SSD in the ExtraHop Appliance

  1. On the front of the appliance, pull open the last slot.
  2. Insert the SSD for packet capture that you received from ExtraHop Networks.
    The SSD for packet capture is hot-swappable. You do not need to power off the ExtraHop appliance to complete this process.

Confirm whether packet capture is enabled

  1. From the Admin UI, in the Appliance Settings section, click License.
  2. In the Features section, verify the packet capture status.

Enable packet capture

The ExtraHop Discover appliance requires a product key and a license to configure packet capture. In addition, outbound DNS connectivity is required to install the SSD for packet capture.

If you do not have a product key, contact your ExtraHop account team.

  1. Log in to the ExtraHop Admin UI.
  2. In the Appliance Settings section, click License.
  3. Click Manage License and then click Update.
  4. Enter the product key and then click Update.
    The ExtraHop system now contacts the license server and validates the product key. After the product key is validated, the license is downloaded.
  5. Refresh your browser to see the updated license.
  6. In the Appliance Settings section, click Disks.
  7. In the Unused Disks section, click Enable.
  8. Wait approximately 5 minutes.
    When the progress indicator disappears, the ExtraHop appliance is ready for packet capture.
  9. In the Admin UI, the Unused Disks section is renamed to Packet Capture and the Status is set to Optimal.

Write triggers for the packet capture

When packet capture is enabled, you can write triggers to specify and deploy targeted packet captures from the ExtraHop appliance to an SSD installed on your ExtraHop appliance or to a regular disk drive in virtual implementations.

Application Inspection triggers are user-defined code that automatically executes on system events through the ExtraHop Trigger API. By writing triggers, you can collect custom metric data about the activities on your network. In addition, triggers can perform operations on protocol messages (such as an HTTP request) before the packet is discarded.

Triggers are a highly customizable and advanced feature. We recommend that you view the following documentation to learn how to write triggers in a way that minimizes disruption to your system performance.
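
The following trigger body is an added example, not code from ExtraHop or from this guide. It starts a size-bounded packet capture only for HTTP requests to watched paths, so the capture disk and system performance are not consumed by unrelated traffic. It assumes the trigger is assigned to the HTTP_REQUEST event and that the Trigger API provides Flow.captureStart(name, options), HTTP.path, and Flow.client.ipaddr; the watched paths, limits, and helper function names are constructed for illustration.

```javascript
// Added example: trigger body for the HTTP_REQUEST event.
// WATCHED_PREFIXES and CAPTURE_LIMITS are constructed sample values.
var WATCHED_PREFIXES = ['/admin', '/api/export'];
var CAPTURE_LIMITS = {
    maxBytes: 5 * 1024 * 1024, // stop after 5 MB for the flow
    maxPackets: 5000,          // or after 5000 packets, whichever comes first
    maxPacketsLookback: 10     // include up to 10 packets buffered before the match
};

// Returns the capture name for a request that should be captured, or null.
// A prefix matches only on a path-segment boundary, so '/administrator'
// does not match '/admin'.
function captureNameFor(http, flow) {
    var path = String(http.path || '');
    var hit = null;
    for (var i = 0; i < WATCHED_PREFIXES.length; i++) {
        var p = WATCHED_PREFIXES[i];
        if (path === p || path.indexOf(p + '/') === 0) {
            hit = p;
            break;
        }
    }
    if (hit === null) {
        return null;
    }
    // Keep the name easy to filter in the Packet Capture List:
    // no slashes, and only address characters from the client IP.
    var client = String(flow.client.ipaddr).replace(/[^0-9A-Fa-f.:]/g, '');
    return 'http' + hit.replace(/\//g, '_') + '-' + client;
}

// Starts the capture when the request matches; returns the name used, or null.
function onHttpRequest(http, flow) {
    var name = captureNameFor(http, flow);
    if (name === null) {
        return null;
    }
    flow.captureStart(name, CAPTURE_LIMITS);
    return name;
}

// On the appliance, Flow and HTTP are globals supplied by the trigger runtime
// (assumption). Outside the appliance this guard leaves the block inert.
if (typeof Flow !== 'undefined' && typeof HTTP !== 'undefined') {
    onHttpRequest(HTTP, Flow);
}
```

Captures started this way are named after the watched path and the client address, which is what the name filter in the Packet Capture List matches on.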

Viewing the packet capture results

  1. From the Admin UI, in the Packet Captures section, click View and Download Packet Captures.
  2. In the Packet Capture List section, select a packet capture to download to your workstation.
    Tip: You can filter packet captures by the name and date of the capture.
You can now open the downloaded packet capture in a packet analyzer, such as Wireshark.
Published 2021-10-14 09:14