Traffic collection options

Application Discovery can collect traffic using statistical capture with NetFlow/SFlow methods or full capture.

Tip: You can also configure Application Discovery to use multiple methods, with or without direct collection, to create the collection methods that work best for each part of your network.

We recommend using statistical capture with NetFlow/SFlow methods for high traffic systems. System requirements for the Application Discovery sensor may differ depending on the traffic collection options you configure.

Statistical capture

Statistical capture is quicker as it passes a summary of the traffic instead of the full content.

Additionally, statistical capture usually does not need additional sensor installations other than the default sensor installed with your Application Discovery server.

Note: Application Discovery supports NetFlow/SFlow using the VSphere Enterprise Plus edition.

For more details, see NetFlow system configuration requirements.

Full capture

Full capture collects more details about your traffic, and may require additional sensor installations.

For more details, see Deploy additional Application Discovery network sensors.

For more details, see Statistical vs. Full Capture.

Note: Regardless of your configuration, configure a physical router or switch, or a Virtual Distributed Switch, to direct traffic to your sensor. For more details, see the documentation for your router or ESX or NetFlow/SFlow packet broker.

Statistical vs. Full Capture

The following table compares the traffic collection features available for statistical capture using NetFlow/SFlow or full capture:

Feature	NetFlow/SFlow	Full Capture
Discovery of business service maps based on a server/port entry point	Yes	Yes
Change detection and change alerts	Yes	Yes
Business service dependencies	Yes	Yes
Subnet dependencies	Yes	Yes
Activity monitoring	Yes	Yes
Topology view	Yes	Yes
Identification of SSL certificate expiration dates	No	Yes
Identification of database (schema) names	No	Yes
Identification of URLs	SFlow only	Yes
Monitoring of failed connections in business services	No	Yes
Identification of web server type	No	Yes
DNS name resolution using captured traffic, without the need to access a DNS Server from Application Discovery Server.	No	Yes
Large scale deployments	Yes	More complicated
Support for ESX inner traffic	Only for enterprise plus edition	Promiscuous mode

NetFlow system configuration requirements

When using NetFlow:

NetFlow version support	Application Discovery supports NetFlow versions 5, 6, 7, 9, and IpFix.
Traffic ports	Direct the NetFlow output to the IP address of the Application Discovery machine. We recommend you use 2055, and all incoming traffic is captured.
Separate server and sensor	We recommend using a single-server setup, where the Application Discovery server and sensor are deployed together. However, you can also separate the sensor and Application Discovery server, or configure multiple NetFlow statistics outputs from separate networks using multiple network cards.

Yes No

Send Feedback

Sorry about that

Why wasn't this helpful? (check all that apply)

Couldn't find what I was looking for

Instructions confusing or unclear

Instructions didn't work

Thanks for your feedback!

Great!

Thanks for taking the time to give us your feedback.

ASMS
- ASMS
- AlgoSec Cloud
- ObjectFlow
- Prevasio
- AlgoBot
Version: A32.60
- Earlier Versions

Search Tips

Use a different search method

AlgoSec Documentation supports the following search methods: