Many times, I have to decide how to capture information. It could be as literal as packets or something less obvious such as SNMP, NetFlow, etc.
A very common question that I get asked is, “How did you capture that?”, or “How did you decide how you were going to capture that, and with what tool?”
I always start my answer with, “Unfortunately, there are options”. What I mean is that it depends on what you have available and the granularity of the data.
In this video I quickly run through some of the pros and cons of Taps, Port Mirroring and Network Management Protocols.