I was wondering if someone could share how packetbeat captures network flow data. I tried to piece together from the documentation, but I was still unclear on a few things.
The documentation refers to the use of pcap or af_packet for capturing network traffic (sniffing). For flow monitoring, does this also use the same mechanism to collect data?