SFlow is the packet sampled version, Netflix/Ipfix will give you details on ever... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zamadatix on July 15, 2023 \| parent \| context \| favorite \| on: Sniffnet – Comfortably monitor your internet traff... SFlow is the packet sampled version, Netflix/Ipfix will give you details on every flow. There was a period high speed devices (>10G) started dropping full sampling but it seems to have come back for even 100G devices. Limits around the total number of tracked flows still exist of course, you can't just flood a trillion tcp syns and on a 100G port and expect the switch to report on all of them. Theoretically you could do that with a pcap based solution but realistically it's the same problem the switch runs into. Now if you actually care about per packet statistics rather than per flow statistics you'd want pcap. The more the world becomes encrypted the less interesting the actual packets become.

Jedd on July 15, 2023 [–]

> SFlow is the packet sampled version, Netflix/Ipfix will give you details on every flow.

That's not 100% accurate.

Netflow v5, v9, and IPFIX all support (for at least a decade) sampling, and depending on vendor that'll be random, time, or packet-count, based).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact