There exists a class of systems that can analyze traffic flows in a network while traffic is being switched at full line rate. These systems include a traffic analyzer that is inserted between two networks. The traffic analyzer might be installed, for example, between a company's private network and a public network, such as the Internet. The traffic analyzer analyzes the traffic that crosses the boundaries of the two networks. This kind of traffic analyzer does not work for analyzing traffic within a network.
Also, existing traffic analyzers operate on some subset of the traffic, such as suspicious traffic. One issue with these traffic analyzers is that the traffic analyzers reduce throughput and increase latency in the network. Another issue with these traffic analyzers is that the subset of traffic that the traffic analyzers operate upon has to be identified beforehand. Unfortunately, it is not always possible to identify beforehand which traffic is of interest.