Peer Names

devices
naming
metrics

#1

I have a question about the peer names for activity data. We are examining the peers of a device group, so we are making use of the Device Activity metric and getting the names of all the peers of each device in the group. When I look at the data I see the peers have IP addresses but some do not have DNS names. I was wondering in which circumstances ExtraHop would not have the hostnames for peers?
We have verified that the DNS servers assigned to this node are able to reverse lookup these IPs into the expected hostnames.


#2

The ExtraHop associates hostnames with devices by passively monitoring naming traffic (DNS, DHCP, NetBIOS, CDP) rather than doing any DNS lookups of its own. If devices are displaying only the IP address and not the DNS name, this suggests that the ExtraHop has not yet observed any naming traffic for that device.

If there is little naming traffic being monitored, you may be able to get the names to populate more quickly by scripting DNS lookups of the devices missing their hostnames, making sure that either the lookups are running against a device being monitored by the ExtraHop or that the script is being run from a device being monitored by the ExtraHop.
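
The scripted lookups suggested in the reply above, as an added example that is not part of the original posts or ExtraHop's own code: it sends PTR queries as raw UDP packets directly to a chosen DNS server, because a lookup answered from a local resolver cache never reaches the monitored wire. The server address and IP list are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

PTR, IN = 12, 1  # DNS record type PTR, class IN


def build_ptr_query(ip, txid):
    """Raw DNS PTR question for an IPv4 or IPv6 address, recursion desired."""
    name = ipaddress.ip_address(ip).reverse_pointer  # 10.2.0.192.in-addr.arpa
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", PTR, IN)


def parse_reply(reply, txid):
    """Return (rcode, answer_count), or None if the reply is short or mismatched."""
    if len(reply) < 12:
        return None
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # must be a response to our query
        return None
    return flags & 0x000F, ancount


def send_ptr_query(ip, server, txid, timeout=2.0, port=53):
    """Send one PTR query over UDP straight to `server`, bypassing local caches."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ptr_query(ip, txid), (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_reply(reply, txid)


def warm_names(ips, server):
    """Query every IP once; the value is None when no usable reply came back."""
    return {ip: send_ptr_query(ip, server, (0x4548 + i) & 0xFFFF)
            for i, ip in enumerate(ips)}


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the thread.
    missing = ["192.0.2.10", "192.0.2.11", "2001:db8::5"]
    for ip, result in warm_names(missing, "192.0.2.53").items():
        print(ip, "no reply" if result is None else "rcode=%d answers=%d" % result)
```

An rcode of 0 with at least one answer means the server returned a PTR record; as the reply above notes, the query or its response still has to cross a link that the ExtraHop monitors.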


#3

So just to clarify, the ExtraHop system does not do any active DNS lookups for the device names?


#4

That is correct, the ExtraHop does not do any active DNS lookups to populate the device names in the ExtraHop UI, but rather infers hostnames from naming traffic observed in the ExtraHop data feed.

You may also find the Web UI User Guide section on device discovery useful, as it goes into additional detail on device naming and discovery: https://docs.extrahop.com/current/eh-web-ui-guide/#device-discovery


#5

Great. Thanks for the quick replies.