- Tyson Supasatit
- November 30, 2016
There was a time when people travelled by foot or in horse-drawn carriages. Then along came automobiles and aeroplanes, and suddenly an activity that previously took days or weeks could be completed in a fraction of the time.
That's what ExtraHop does for IT professionals looking for forensic packet evidence.
Ever since the introduction of tcpdump in 1987, packet captures (PCAPs) have been the most empirical method of determining what happened on the network. Law enforcement uses PCAPs to prosecute crimes, security analysts rely on PCAPs to deconstruct exploits, and network engineers parse PCAPs to determine the root cause of performance issues.
The problem: The old way of filtering PCAPs takes way too long!
In the video above, ExtraHop SE Manager Dan Greer demonstrates a typical PCAP troubleshooting workflow using Wireshark and then compares that to the process in ExtraHop. He uses a timer to show how much time you'll save with the new streamlined workflow.
This is a companion discussion topic for the original entry at https://www.extrahop.com/community/blog/2016/network-engineer-workflows-watching-paint-dry/