What are the main differences between flow capture and packet capture?

  • 3
  • Question
  • Updated 5 years ago
1. Flow capture features are normally found on layer 3 type devices like routers. Packet capture uses SPAN or mirror ports which are available on most managed switches. 

2. Flow capture gives top-level information like IP addresses and traffic volumes. Packet capture also gives you this and more.

3. Flow capture tools can struggle with the activity associated with content delivery networks and applications that use multiple TCP or UDP ports. If you want accuracy, then packet capture is the way to go. 

4. Flow capture does not look at payloads contained within packets unless you are using advanced features like Next Generation Network based Application Recognition (NBAR2). 

5. Packet capture gives you ‘names’ = websites, users, applications, files, hosts, and so on. You can identify individuals and their access to and usage of resources.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 5 years ago

  • 3

Be the first to post a reply!