But as traffic volume mushrooms, it becomes less and less feasible to collect every flow. It’s easy to see per-host details, notice localized anomalies, and investigate particular flows. This granularity of NetFlow is attractive for examining traffic with an individual host. NetFlow aggregates data about all packets into flows locally at the device thus it can’t by happenstance miss a conversation by failing to sample the relevant packets. NetFlow’s partisans have long argued that NetFlow can be more accurate than sFlow. Here are the main differences between the two technologies. The differences between NetFlow and sFlowĪvi Freedman makes an apt analogy to monitoring vehicular traffic: “… while NetFlow can be described as observing traffic patterns (‘How many buses went from here to there?’), with sFlow you’re just taking snapshots of whatever cars or buses happen to be going by at that particular moment”.