Active vs Passive Measurement in Encrypted Networks

Complementary measurement approaches in modern networks

As transport encryption has reduced what can be observed directly from the network, measurement practices have had to adapt. Two broad approaches are now used side by side: passive measurement, which observes existing traffic, and active measurement, which injects test traffic to probe the network.

Both approaches remain relevant, but they operate under different assumptions and constraints. This article explains how active and passive measurement differ in an encrypted Internet, what each can and cannot provide, and how they are often combined in practice.

What passive measurement means today

Passive measurement traditionally relied on visible transport metadata. As discussed elsewhere on this site, encryption has removed much of that structure. What remains is limited information about packet timing, size, and flow boundaries.

In encrypted transports such as QUIC, passive measurement is only possible when endpoints explicitly expose signals or when the environment is controlled. Without cooperation, inference is restricted and often unreliable.

Despite these limits, passive measurement still has value. When it works, it reflects real application traffic and operates continuously, without generating additional load.

What active measurement involves

Active measurement uses probes or test transactions to measure network behaviour. These probes may be simple, such as ICMP echo requests, or complex, such as application-layer transactions designed to mimic real traffic.

Because probes are generated intentionally, active measurement does not depend on protocol visibility. Encryption does not prevent a probe from measuring round-trip time, loss, or throughput along a path.

This makes active measurement attractive in environments where passive techniques are unavailable or insufficient.

Strengths of passive measurement

When passive measurement is feasible, it offers several advantages:

  • It observes real user traffic rather than synthetic tests.
  • It scales naturally with traffic volume.
  • It can provide continuous visibility without planning probe schedules.

Passive techniques are particularly useful for identifying trends, anomalies, and long-term changes in performance. They can reveal issues that only occur under real workloads.

In environments where endpoints cooperate, passive measurement can still deliver high-quality insights with minimal overhead.

Limitations of passive approaches

The main limitation is dependence on observable signals. In fully encrypted transports, those signals may not exist. Even when explicit measurement bits are available, they may be disabled, rate-limited, or randomised.

Passive measurement also struggles with attribution. Without endpoint context, it can be difficult to distinguish between network-induced delay and application behaviour.

As a result, passive techniques are often incomplete or ambiguous when used alone.
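The following is an added example, not code from the original article. It assumes the explicit signal in question is the QUIC latency spin bit (RFC 9000, section 17.4) and shows an on-path observer deriving RTT from spin-bit edges while refusing to report a value when the bit is held constant or behaves erratically. The function names, thresholds and sample captures are constructed for illustration.

```python
from statistics import median

SHORT_HEADER = 0x80  # header-form bit: clear on short-header (1-RTT) packets
SPIN_BIT = 0x20      # latency spin bit, RFC 9000 section 17.4

def spin_rtt_samples(observations):
    """Intervals between spin-bit edges for one direction of one connection.

    observations: (timestamp_ms, first_byte) pairs in capture order.
    """
    samples, last_spin, last_edge = [], None, None
    for ts, first_byte in observations:
        if first_byte & SHORT_HEADER:
            continue  # long header: 0x20 is part of the packet type, not a spin bit
        spin = bool(first_byte & SPIN_BIT)
        if last_spin is not None and spin != last_spin:
            if last_edge is not None:
                samples.append(ts - last_edge)
            last_edge = ts
        last_spin = spin
    return samples

def estimate_rtt(observations, min_samples=3, max_spread=3):
    """Median RTT in ms, or None when the signal is absent or inconsistent.

    min_samples and max_spread are assumed thresholds, not standard values.
    """
    samples = spin_rtt_samples(observations)
    if len(samples) < min_samples:
        return None  # bit held constant (disabled) or flow too short
    if min(samples) <= 0 or max(samples) > max_spread * min(samples):
        return None  # edge spacing too erratic to be one RTT (e.g. randomised bit)
    return median(samples)

def short_packets(bits, spacing_ms, start_ms=0):
    """Constructed capture: one short-header packet per entry in bits."""
    return [(start_ms + i * spacing_ms, 0x40 | (SPIN_BIT if b else 0))
            for i, b in enumerate(bits)]

# Constructed sample captures (not real traffic), timestamps in milliseconds.
HANDSHAKE = [(0, 0xC3), (2, 0xE3)]  # long-header Initial and Handshake packets
COOPERATING = HANDSHAKE + short_packets(
    [(i * 5 // 40) % 2 for i in range(50)], spacing_ms=5, start_ms=10)
DISABLED = short_packets([0] * 50, spacing_ms=5)
RANDOMISED = short_packets([int(c) for c in "0110100000001101"], spacing_ms=5)

if __name__ == "__main__":
    for name, cap in [("cooperating", COOPERATING), ("disabled", DISABLED),
                      ("randomised", RANDOMISED)]:
        print(name, estimate_rtt(cap))
```

The spread check is a heuristic: a randomised bit sent over evenly spaced packets can occasionally pass it, which is one reason passive results are usually cross-checked against another source.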

Strengths of active measurement

Active measurement provides control. Operators can decide when, where, and how to measure. Probes can be designed to target specific paths, services, or performance characteristics.

Because probes are explicit, results are easier to interpret. Latency measurements reflect probe behaviour directly, without needing to infer relationships between packets.

Active techniques are also well suited to environments with little or no user traffic, such as new deployments or backup paths.

Limitations of active measurement

Active probes are not free. They consume bandwidth, processing resources, and operational effort. At scale, probe traffic can become significant.

More importantly, probes may not experience the network in the same way as application traffic. They may follow different routes, bypass optimisations, or receive different quality of service treatment.

This can lead to a mismatch between measured performance and user experience.

Why encryption complicates the comparison

Before widespread encryption, passive and active measurement often complemented each other naturally. Passive observation provided background context, while probes were used to confirm hypotheses or fill gaps.

Encryption shifts this balance. As passive visibility decreases, active measurement takes on a larger role. However, the limitations of probing become more pronounced as networks and applications grow more complex.

This makes it harder to rely on a single approach.

Hybrid measurement in practice

In many modern networks, operators use hybrid strategies. Active probes establish baseline reachability and performance. Passive signals, where available, provide continuous feedback from real traffic.

Endpoint-based instrumentation also plays a role. Applications measure their own performance and report aggregated metrics, which can be correlated with network-level observations.

No single data source is sufficient on its own. Combining perspectives helps compensate for the weaknesses of each method.

Choosing the right approach

The choice between active and passive measurement depends on context. Factors include traffic volume, control over endpoints, privacy requirements, and operational goals.

In tightly controlled environments, explicit passive signals may be feasible and effective. In open or heterogeneous networks, active probing may be the only reliable option.

Understanding the assumptions behind each technique is essential. Measurement results are only as meaningful as the conditions under which they were obtained.

Why the distinction still matters

As encrypted transport becomes universal, the trade-offs between active and passive measurement become more visible. Decisions about protocol design, deployment, and instrumentation influence which techniques remain viable.

Treating measurement as an afterthought risks creating systems that are difficult to operate or debug. Treating it as a first-class concern allows observability to evolve alongside privacy.

Active and passive measurement are not competing ideologies. They are tools with different strengths, and both remain necessary in an encrypted Internet.