
NetFlow vs Packet Data vs Metadata: What are the differences?

by Profitap | Jun 5, 2020 | Insights, Network Monitoring, IOTA

Delivering full visibility across a complex IT infrastructure isn’t easy, which is why it is always a challenge to pinpoint the actual problem whenever network analysis comes up. With each passing year, network engineers still struggle to stay ahead in monitoring the traffic on their networks. There is no point in getting stressed out about it, though. There are several network analysis methods you can choose from: NetFlow, packet data or metadata. But which is right for you and the environment you are tasked with troubleshooting and protecting? Let’s start with what some consider to be the gold standard of analysis: packet data.

Deep Packet Inspection

Packets are the most detailed monitoring method available. In fact, the other two methods mostly use packet data to create the statistics they generate. With packet data we can measure inter-packet timing, server response time and decrypt the flow to look at the application payload.

NetFlow (or other flow-based methods)

Analyzing network traffic doesn’t require digging into the weeds in every case. Sometimes high-level statistics are enough to help us achieve our goals. It just depends on what we are looking for. NetFlow is a summary of IP traffic that is generated by network infrastructure devices, which is then sent to collectors to generate pretty graphs of traffic data.

Metadata

This method provides a sweet spot between the other two methods. Packet data is collected by an analyzer, where it is sorted, parsed, indexed and (in some cases) stored. This allows graphs and statistics about network traffic, usage, bandwidth and even application performance to be generated and stored long term.
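What a flow record keeps versus what packet-derived metadata keeps, as an added example (not Profitap's or IOTA's code): constructed packet records for one TCP connection are reduced first to NetFlow-style counters and then to timing metadata. The field names, addresses and sample packets are assumptions made for illustration, byte counts cover payload only, and the round-trip time is the one seen at the capture point.

```python
# Constructed sample, one TCP connection:
# (time_ms, src, sport, dst, dport, tcp_flags, payload_bytes)
PACKETS = [
    (0,   "10.0.0.5", 51000, "10.0.1.9", 443,   "S",  0),
    (20,  "10.0.1.9", 443,   "10.0.0.5", 51000, "SA", 0),
    (21,  "10.0.0.5", 51000, "10.0.1.9", 443,   "A",  0),
    (25,  "10.0.0.5", 51000, "10.0.1.9", 443,   "PA", 300),
    (45,  "10.0.1.9", 443,   "10.0.0.5", 51000, "A",  0),
    (525, "10.0.1.9", 443,   "10.0.0.5", 51000, "PA", 1200),
    (526, "10.0.0.5", 51000, "10.0.1.9", 443,   "A",  0),
]


def flow_records(packets):
    """NetFlow-style view: counters per unidirectional 5-tuple, nothing else."""
    flows = {}
    for t, src, sport, dst, dport, _flags, payload in packets:
        rec = flows.setdefault((src, sport, dst, dport, "tcp"),
                               {"packets": 0, "bytes": 0, "first_ms": t})
        rec["packets"] += 1
        rec["bytes"] += payload      # simplification: payload bytes only
        rec["last_ms"] = t
    return flows


def connection_metadata(packets):
    """Metadata view: handshake RTT and server response time per connection."""
    conns = {}
    for t, src, sport, dst, dport, flags, payload in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":             # bare SYN identifies the client side
            conns.setdefault(fwd, {"syn_ms": t, "rtt_ms": None,
                                   "request_ms": None, "response_ms": None})
        elif fwd in conns:           # client -> server
            if payload and conns[fwd]["request_ms"] is None:
                conns[fwd]["request_ms"] = t
        elif rev in conns:           # server -> client
            c = conns[rev]
            if flags == "SA" and c["rtt_ms"] is None:
                c["rtt_ms"] = t - c["syn_ms"]
            if payload and c["request_ms"] is not None and c["response_ms"] is None:
                c["response_ms"] = t - c["request_ms"]
    return conns


if __name__ == "__main__":
    print("flows:", flow_records(PACKETS))
    print("metadata:", connection_metadata(PACKETS))
```

The two flow records show only packet and byte counters spread over roughly half a second. The metadata attributes 20 ms to the handshake round trip and 500 ms to the server's response, which is the distinction the flow view cannot make.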

 

Methods: Pros and Cons

Deep Packet Inspection

  • Pro: Some problems can only be seen in the raw packet data
  • Con: Data overload

NetFlow

  • Pro: Long-term monitoring
  • Pro: Simple to read
  • Con: No packet payload, network RTT or server response time

Metadata

  • Pro: More detail over NetFlow, without the packet complexity
  • Pro: Long-term indexing
  • Con: Hardware resource
  • Con: Data loss


Let’s take a look at the main pros and cons of the three approaches as shown above. It’s obvious that NetFlow doesn’t provide details that are critical when troubleshooting complex issues. By contrast, engineers are usually overloaded with barely manageable volumes of detailed data when doing Deep Packet Inspection. Metadata provides packet-level detail for most common troubleshooting exercises, without the complexity of digging through a huge pcap. This method, however, is often very expensive.

Which analysis method should I use?

As you can see, each method has its own strengths and weaknesses in providing engineers with the right data in the right place at the right time. So which method should we use in a monitoring solution, you ask? It doesn't have to be either/or. You need a solution that leverages the best of both methods by extracting metadata from the raw packet files to help speed up both real-time and back-in-time analysis.

What you need is a single, cost-effective solution that addresses both local and remote monitoring and troubleshooting to keep shortening the MTTR. Profitap develops IOTA, an all-in-one solution, combining the strengths of these three analysis methods in a compact and portable form.

Bandwidth utilization, DNS performance, TCP metrics, Application Latency and much more can be monitored on custom dashboards that are built with the exact data you need to spotlight the problems. For forensic analysis, traffic can be viewed by conversation flow, GeoIP location or bandwidth consumption when searching for intrusions or breaches. If you want to dig deeper into your packets, a filtered and exportable trace file is also available.

IOTA is easy to deploy and can be placed at any point in the network. This enables network engineers of all experience levels to resolve network issues both proactively and reactively, anytime and from anywhere, with just a click. With IOTA, you will be able to harness the detail of packets, the simplicity of NetFlow and the power of metadata all in a single pane of glass. Would you like to learn more? Read the full white paper here to see how you can use it to troubleshoot and secure your network.
