| Name | Capture speed | CPU load | Platforms | Cost | Accuracy of attack detection | Speed of attack detection |
|---|---|---|---|---|---|---|
| pcap | Very slow, 10-100 mbps | Huge | FreeBSD, Linux | GPL | Accurate | Very fast |
| sFlow | Up to Terabits | Small | Linux, FreeBSD, MacOS | Free | Accurate but depends on sampling rate. | Very fast |
| NetFlow | Up to Terabits | Small | Linux, FreeBSD, MacOS | Free but could require additional licenses or hardware from network equipment vendor | Less accurate | Up to 15-30 seconds |
| AF_PACKET | Up to 10G per machine | Normal-huge | Linux | GPLv2 | Very accurate | Very fast |