How to list L7 Protocols by Peer IP

I am new to ExtraHop and so far I am liking what I have seen. We have used this to troubleshoot some bad DNS issues as well as some Active Directory problems. It is frequently becoming my go-to tool for monitoring and troubleshooting some of our weird application issues as well.

Unfortunately, I have inherited a very large, complex, and undocumented environment and we are moving it to the cloud. As such, we need to document all the connectivity requirements across many servers. In ExtraHop, I can see Peer IPs and L7 protocols. Is there any way to get that combined so that I can see L7 Protocols by Peer IP or Peer IP by L7 Protocols? Activity map has a generalized version of peers with connections showing the protocol but it isn’t detailed.

The best way to view this information is to go to one of your devices in Advanced Analysis, and to click on one of the L7 protocols in/out. You can drill down on that protocol by IP, and export the resulting table to CSV by clicking on the three dots in the upper right corner of the screen. You can repeat this several times for different protocols on your core devices to get an offline report on the whole network, or use that screen as part of your investigation flow to get real-time data.

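Once several per-protocol tables have been exported as the answer above describes, they can be merged offline into both views the question asks for (protocols by peer IP, and peers by protocol). This is an added example, not part of the original thread and not ExtraHop tooling; the `Peer IP` and `Bytes` column headers, the device names and the sample rows are constructed assumptions, so match `ip_column` to the header in your own export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data: one CSV per (device, protocol) drill-down export.
# The "Peer IP" and "Bytes" headers are assumptions; match them to your files.
SAMPLE_EXPORTS = {
    ("app01", "DNS"): "Peer IP,Bytes\n10.0.0.53,1200\n10.0.0.54,300\n",
    ("app01", "LDAP"): "Peer IP,Bytes\n10.0.0.10,5400\n10.0.0.53,80\n",
    ("db01", "LDAP"): "Peer IP,Bytes\n10.0.0.10,900\nTotal,900\n",
}


def merge_exports(exports, ip_column="Peer IP"):
    """Merge per-protocol CSV exports into two lookup views.

    Returns (by_peer, by_protocol):
      by_peer:     {device: {peer_ip: [protocols]}}
      by_protocol: {protocol: [(device, peer_ip), ...]}
    """
    by_peer = defaultdict(lambda: defaultdict(set))
    by_protocol = defaultdict(set)
    for (device, protocol), text in exports.items():
        for row in csv.DictReader(io.StringIO(text)):
            try:
                # Normalises the address and rejects summary or blank rows.
                peer = ipaddress.ip_address((row.get(ip_column) or "").strip())
            except ValueError:
                continue
            by_peer[device][peer].add(protocol)
            by_protocol[protocol].add((device, peer))
    # Sort numerically; the version prefix keeps IPv4 and IPv6 comparable.
    peers = {
        dev: {str(ip): sorted(protos) for ip, protos in
              sorted(m.items(), key=lambda kv: (kv[0].version, kv[0]))}
        for dev, m in sorted(by_peer.items())
    }
    protos = {
        p: [(dev, str(ip)) for dev, ip in
            sorted(pairs, key=lambda t: (t[0], t[1].version, t[1]))]
        for p, pairs in sorted(by_protocol.items())
    }
    return peers, protos


if __name__ == "__main__":
    peers, protos = merge_exports(SAMPLE_EXPORTS)
    for device, table in peers.items():
        for ip, names in table.items():
            print(f"{device}\t{ip}\t{','.join(names)}")
```

For real exports, build the dictionary by reading each saved file and keying it by the device and protocol it was drilled down from.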