NetFlow (Cisco) / IPFIX (standard) provides network traffic metadata — source/destination IP, ports, bytes, packets, and timing — without capturing actual packet contents.
NetFlow storage: ~1% of full packet capture size. Enables: traffic analysis, anomaly detection, network forensics (who talked to what), bandwidth accounting. Security use: detect C2 beaconing, data exfiltration volumes, network scanning. Complement full PCAP with NetFlow for long-term traffic retention.