Being able to conduct NetFlow analysis is one of the most important parts of monitoring an enterprise-grade network. NetFlow analysis is one of the best ways to keep track of your network’s bandwidth performance. Bandwidth tells you everything from how well your service is performing to how much capacity you need to plan for in the future. Without a NetFlow analyzer, it is difficult to keep track of your bandwidth consumption. In this article, we look at the best NetFlow analyzers on the market, but before we do that, we’re going to take a look at what NetFlow analyzers are and why you need one.
What is a NetFlow Analyzer?
A NetFlow analyzer is a traffic analytics tool that collects information on how your bandwidth is being used, and who it is being used by. The name comes from NetFlow, a network protocol that was designed by Cisco. The NetFlow protocol was responsible for harvesting data from devices throughout a network and converting it into a display for the end user. A NetFlow analyzer provides the user with information such as:
- Source port
- Destination port
- Source IP address
- Destination IP address
- Quality of service
There are many different versions available of the NetFlow protocol but 5, 7, and 9 are those used by most administrators. It is worth mentioning that even though Cisco created the NetFlow protocol, companies like Juniper and Huawei have come up with their own counterparts in J-Flow and NetStream.
Why do I need a NetFlow Analyzer?
If you’re working within a large network then you need a NetFlow Analyzer to be able to process all of the activity happening on your network. Your bandwidth consumption tells you a lot about how your network is functioning. You will commonly hear administrators refer to devices or applications that consume lots of bandwidth as “Top Talkers”.
In many cases, devices have rigorous demands but often there is an underlying reason why a device is hogging so much bandwidth. A NetFlow analyzer can help to see whether there is a legitimate reason for this consumption or whether there is an underlying issue that needs to be addressed.
A NetFlow analyzer is thus a valuable means of troubleshooting your network. It also helps to improve your overall knowledge of how your network works. There is no better way to boost your understanding of your technical infrastructure than to go through your real-time and historic NetFlow usage data. Now that we’ve looked at what NetFlow Analyzers do, we’re going to look at the Best Free NetFlow Analyzers on the market.
Here is our list of the best NetFlow Analyzers:
- SolarWinds NetFlow Traffic Analyzer (FREE TOOL)
- Paessler PRTG Network Monitor (FREE TRIAL)
- ManageEngine NetFlow Analyzer
- ntopng (nProbe)
- Plixer Scrutinizer
- The Dude
- sFlow Toolkit
- Colasoft Capsa Free
1. SolarWinds NetFlow Traffic Analyzer
At the top of our list, we have SolarWinds NetFlow Traffic Analyzer. This NetFlow analyzer software has developed a reputation as one of the best in the world. It can monitor your real-time and historic bandwidth usage and identify problems with your connection. Overall, the design is very modern and minimalistic, making it easy to scale to the needs of a larger organization.
NetFlow Traffic Analyzer can take NetFlow data in a variety of formats including J-Flow, sFlow, NetStream, and NBAR2. This broad format support is a good baseline for a balanced view of your traffic. The user interface builds on this by letting you generate graphs based on your real-time and historic data.
One particularly eye-catching feature is that of Top Talkers. The Top Talkers feature highlights the IP addresses of those devices that are taking up the most bandwidth. It can help you to identify those devices and applications which are killing your bandwidth and enable you to start troubleshooting. This is useful for making sure you don’t waste time and can cut straight to the problem.
The Top Talkers feature also ties in conveniently with the alerts system on SolarWinds NetFlow Traffic Analyzer. The alerts system enables bandwidth threshold alerting, where the user receives a notification once bandwidth usage reaches a certain threshold. This notification details the top talkers and helps you to act fast.
Overall, SolarWinds NetFlow Traffic Analyzer is one of the highest performance NetFlow Analyzers available on the market. It is easy to conduct fast-paced reads into your current bandwidth usage. SolarWinds doesn’t come with a hefty price tag either as this product is completely free. SolarWinds Netflow Traffic Analyzer is available as a free download at this link.
2. Paessler PRTG Network Monitor
Next up on our list, we have Paessler PRTG Network Monitor. PRTG Network Monitor is primarily known as a network monitoring tool, but it can also be used to conduct NetFlow analysis. PRTG supports the different NetFlow protocols, including J-Flow and sFlow. In this respect, it is a tool that lends itself well to deployment within organizations looking to monitor multiple NetFlow protocols.
PRTG has its own autodiscovery feature. Autodiscovery locates devices throughout the network and starts monitoring without any need for configuration. This makes it very easy to deploy as you don’t have to spend much time tweaking configuration settings.
In addition, Network Monitor also has an alerts capability. You can choose to have alerts sent to you through email or SMS. The alerts system ensures that even when you’re away from your desk, you can be notified once there is significant bandwidth activity on your network. It also helps to remove the burden of manual administration, so you don’t have to be glued to your desk 24/7.
PRTG Network Monitor has earned its spot on this list because it has lowered the barrier to entry to NetFlow analysis for new and experienced users. Once you’ve started the program there is very little you need to do before you can start monitoring your bandwidth consumption. PRTG Network Monitor can be downloaded on a free trial here.
3. ManageEngine NetFlow Analyzer
ManageEngine is a big name within the Network Monitoring space. It is easy to overlook that they also have an excellent NetFlow solution in NetFlow Analyzer. Through this NetFlow monitoring software, you can view your top conversations and overall bandwidth usage. All usage information is displayed within pie charts and graphs so that it can be understood in a matter of seconds.
The user interface is something that really stands out in ManageEngine NetFlow Analyzer. The crisp display and straightforward design really help you to find what you’re looking for. In the event that you get lost, you can simply type in the search bar in the top right to get back on track. Likewise, the navigation bar along the top segments your network so that you can narrow down particular devices or apps. You can navigate between Apps, QoS, WAN Monitors, WLC, Attacks, MCM, and DPI.
Automation is another thing that ManageEngine provides. You can set your own alert configurations so that you receive notifications once a predefined threshold has been met. You can also view an overview of active alerts on the home screen by clicking on the Alarms tab. This is a pragmatic addition as it prevents you from having to spend all your time manually monitoring and helps you respond only to significant threats.
In the event that you need to take your usage data and pass it on, you can generate a custom report. You can use your historical data to print visual displays to show your team. Reports are useful for collaborating with other users in your enterprise to get things back up to scratch.
ManageEngine NetFlow Analyzer is a solid platform for SMEs and large enterprises. The design is lightweight enough to allow you to navigate your NetFlow usage without moving through lots of different tabs. There is a free trial version that allows you to monitor unlimited interfaces before capping off at two once the period ends. ManageEngine NetFlow Analyzer can be downloaded from this link here.
4. ntopng (nProbe)
Next up on our list, we have an open source NetFlow analyzer called ntopng. ntopng has an inbuilt NetFlow analysis tool available for Windows, Linux for Windows, and Linux which has Cisco NetFlow-Lite, IPv4, and IPv6 support. You can also conduct HTTP, MySQL/Oracle, and DNS protocol analysis.
All of your interaction with nProbe takes place through a web-based GUI. The GUI shows a breakdown of real-time network platform. Having a web-based GUI makes it easy to use online.
nProbe takes less than 2 MB of memory to run. This makes it a lightweight choice that doesn’t impede your system’s performance. Once nProbe has taken in NetFlow data, you can save it for future analysis or integrate it into another third-party application. There is also a range of plugins, such as flow-to-MySQL, which can convert flow data straight into a MySQL database.
Overall, ntopng is a high-performance open source NetFlow analysis tool. Its lightweight usage and simple deployment make it suitable for both SMEs and larger organizations. You can download ntopng from this link here.
5. Plixer Scrutinizer
Plixer Scrutinizer is one of the lesser-known NetFlow analyzers on this list. However, what it lacks in name recognition it makes up for in scalability. Scrutinizer can handle millions of flows per second, giving it the bandwidth to keep up with the needs of larger organizations. Plixer has designed Scrutinizer to be compatible with NetFlow, sFlow, and IPFIX.
Scrutinizer has been built with security in mind. At the core of this is the RESTful API which allows you to respond to network events promptly. You can also generate reports to help respond more effectively against emerging threats. Unfortunately, you can’t export into CSV unless you upgrade to the paid MDX version.
Compared to other tools on this list, Scrutinizer has one of the largest bandwidth potentials. The best part about this program is that there is no restriction on the number of interfaces you can monitor with the free version. The MDX version also offers a customizable dashboard and exporting to CSV (you need to request a quote in order to see the price). Plixer Scrutinizer can be downloaded here.
6. The Dude
Next up on our list, we have The Dude. The Dude is a network analyzer from MikroTik. Many network administrators are currently using this tool, and for good reason: it’s effective. The Dude supports SNMP, TCP, ICMP, and DNS. The Dude runs on Windows, Mac OS, and a Linux Wine environment.
Even though The Dude is free, it offers a dynamic autodiscovery feature. Autodiscovery identifies active devices on your network without the need for configuration. This reduces the amount of time you need to spend manually establishing your monitoring environment. The Dude also has the ability to create a map of your network.
Whether you’re managing a small or enterprise-scale network, The Dude has more than enough potential to assist you. Its cross-OS availability and basic protocol support give you everything you need to start monitoring your network effectively. MikroTik’s The Dude can be downloaded here.
7. Wireshark
Anyone familiar with NetFlow analysis or deep packet inspection will have heard of Wireshark. This tool is perhaps the most famous NetFlow analyzer in the world. Wireshark supports a diverse range of operating systems including Windows, Linux, Mac OS, UNIX, Solaris, FreeBSD, NetBSD, OpenBSD, and HP-UX. As a result, it is a great choice for organizations looking for cross-OS potential.
Wireshark enables the viewing of real-time and historic capture data for Ethernet, IEEE, ATM, Bluetooth, PPP/HDLC, and USB. It also boasts decryption support for protocols such as SNMPv3, SSL, and WPA/WPA2. Wireshark is a hybrid program that combines the use of a GUI with a command line interface. This allows newer users who aren’t familiar with command lines to use the GUI if they prefer.
Much of Wireshark’s interaction with your network is governed by the use of filters. Filters allow you to limit your analysis to certain types of protocol traffic. On a large network, this is a lifesaver because you can exclude a mountain of data that you’d have to work your way through manually without a filter.
While Wireshark’s user interface isn’t glamorous, this product delivers an excellent NetFlow analysis experience. Don’t let looks deceive you because this tool has enough power to monitor an entire network’s worth of NetFlow data. Wireshark can be downloaded for free from this link here.
8. FlowScan
Perhaps the simplest NetFlow analyzer on this list is a tool called FlowScan. One of the first things you notice about FlowScan is how dated the user interface looks. The graphs function looks like something out of the 1980s, but the grid format and extensive graph legend make it easier to read than a lot of modern displays.
Short-term analysis covers 48 hours of data and shows you five-minute averages of your NetFlow usage. Long-term analysis allows you to view your NetFlow usage for over a year. FlowScan’s long and short-term analysis features allow you to maintain a clear perspective of your network activity.
FlowScan is a platform aimed at those looking to run network monitoring through a command line interface. The command line interface makes it less convenient than alternative products, but it still has the capacity to get the job done. If you’re interested in downloading FlowScan then click on this link here.
9. sFlow Toolkit
When it comes to analyzing sFlow data, sFlow Toolkit is hard to beat. sFlow Toolkit operates through a command line interface. This can result in a mediocre user experience if you’re not used to typing in a command line, but with the help of Google that shouldn’t be too much of an issue in the long term.
One of the most important commands to learn is the sflowtool command. This interfaces with a variety of utilities like tcpdump, ntop, and Snort, to conduct network analysis. The variety of commands you deploy can greatly help you to determine how your data is monitored.
sFlow Toolkit is a potent tool once you get around the command line interface. If you’re more familiar with GUI-based tools, then we recommend you stick with a platform that is easier to use. However, if you already have experience with the command line then this platform is well worth considering. sFlow Toolkit can be downloaded here.
10. Colasoft Capsa Free
Finally, we have Colasoft Capsa. Colasoft Capsa is an “old school” NetFlow analyzer that feels more like a Microsoft Office product than a network monitoring platform. That being said, the overall design is incredibly easy to use. Colasoft Capsa allows you to conduct TCP flow analysis and VoIP analysis. In total, Capsa supports more than 300 protocols.
Capsa has been designed so that it can spot the signs of malicious activity and notify the user. The program can detect TCP port scanning and DDoS attacks so that you can take action and prevent damage to your network. This helps you to eliminate security threats before they result in downtime. DDoS attacks can be particularly devastating if they are left unaddressed.
If versatility is a quality that’s important to your organization then Colasoft Capsa is highly recommended. While the user interface may be less fancy than other products on this list, it is easy to use and you can respond to network issues without missing anything. Capsa’s excellent security features are an added bonus that really makes this platform stand out. Colasoft Capsa can be downloaded from here.
Editor’s Choice: SolarWinds NetFlow Traffic Analyzer
Any organization serious about protecting their network from downtime would be well advised to deploy a NetFlow analyzer. A NetFlow analyzer will give your network much-needed transparency and the chance to conduct thorough quality of service monitoring. Without one, you won’t be able to run troubleshooting effectively or respond to performance issues.
Out of the tools featured on this list, we recommend SolarWinds Real-Time NetFlow Traffic Analyzer because of its user interface and real-time NetFlow usage display. The Top Talkers display is also one of the best features on the platform as it allows you to see your most problematic devices immediately.
Our second-place product would have to be ManageEngine NetFlow Analyzer. It supports a wide variety of NetFlow protocols and offers an autodiscovery feature and an alerts system. This allows you to not only monitor your network but to do so at a sophisticated level.