Download PDF

Product Requirements

RevealX Enterprise and ExtraHop Performance systems

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Configure IP address discovery through TTL values

Sensors that are configured for L2 discovery and that have limited means for sharing device IP addresses (such as traffic without ARP, DHCP, or local multicast/broadcast addresses) can discover IP addresses through TTL values.

By adding a field to the running configuration file, you can enable the ExtraHop system to learn IP addresses for devices through packets with well-known time-to-live (TTL) values. These values indicate that the packet was not routed, which means that the ExtraHop system can reasonably identify an IP address assigned to an L2 device. We only recommend enabling this setting when other IP address discovery methods are unavailable.

Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
In the Appliance Settings section, click Running Config.
Click Edit config.
Add an entry to the running configuration file by completing the following steps:
1. Add a comma after the second to last curly brace (}).
2. Press ENTER to create a new line.
Paste the following code on the new line before the final curly brace:
```
"capture": {
        "device_l2_cache_ip_ttl": true,
    }
```
Click Update.
Click Done.
Click Save config and then click Save.

Last modified 2024-08-07

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

Configure IP address discovery through TTL values