When it comes to conducting network analysis, sFlow collectors should be one of the first tools you use. sFlow collection is one of the most effective ways to monitor your network. Over the past decade or so, our collective network requirements have grown exponentially. Today even small changes in a network can have drastic effects on an enterprise’s performance. An sFlow collector allows the user to identify applications and devices that consume excessive bandwidth as well as pointing to network bottlenecks.
It is particularly useful for combing through data that travels through routers and switches. In short, sFlow collection provides network administrators with an extra layer of scrutiny that can be used to safeguard the performance of the wider network.
In this article we look at some of the best sFlow collectors available on the market for enterprise users.
- SolarWinds NetFlow Traffic Analyzer (FREE TRIAL)
- Paessler PRTG (FREE TRIAL)
- sFlow Toolkit and sFlow Trend
- ntop and nProbe
- ManageEngine Flow Analyzer
SolarWinds NetFlow Traffic Analyzer is a NetFlow analyzer and sFlow Collector which has become one of the most popular tools of its kind. SolarWinds NetFlow Traffic Analyzer takes real-time data from your network and presents it in a highly visual format with a variety of graphs and charts. This visualization allows users to monitor their network with clarity from a distance. The result is network monitoring that can cope with the volume of an enterprise-pace network.
In addition to supporting sFlow analysis, SolarWinds NetFlow Traffic Analyzer supports NetFlow, J-Flow, NetStream and IPFIX as well. The spread of flow protocols available to the user leads to a comprehensive screening of the network. You can clearly see which devices are taking up the most bandwidth on your system.
SolarWinds NetFlow Traffic Analyzer design has bandwidth consumption at its core. For example you can produce a pie chart showing the top 10 applications in terms of bandwidth. This helps you to identify which devices are talking the most (top talkers) and to identify whether this is a result of a fault or security breach. This information is conveniently broken down into percentages so that you can clearly see the worst offenders.
Overall SolarWinds NetFlow Traffic Analyzer is a platform that delivers an excellent Quality of Service (QoS) monitoring experience. If your aim is to monitor sFlow data within a fast-paced environment, then you will do well with this tool. SolarWinds NetFlow Traffic Analyzer starts at a price of $1,915 (£1,446). There is also a 30-day free trial which can be downloaded here.
Next up on our list we have Paessler PRTG sFlow Sensor. PRTG is a great choice for sFlow collection because it supports the most common version of sFlow available (sFlow Version 5). Once you’ve collected this data you can display it on the dashboard however you choose. The dashboard is fully customizable and you can dictate how your network data is displayed for you to monitor.
The sFlow monitoring itself allows the user to view a variety of different types of traffic. For example you can view Chat, Citrix, FTP/P2P, IMAP, POP3, SMTP, SSH, Telnet, UDP, and TCP. What data is displayed depends on your configuration settings but there is a healthy amount of traffic for you to work with.
You can view your real-time and historic sFlow data in many different ways. Historic data can range from two days to an entire year. This allows you to switch between looking at the intricacies of short-term changes and the longer term details. The ease of use offered by the program is one of the reasons that it is used by over 200,000 network administrators across the globe.
We recommend PRTG for those who are looking to conduct particularly exhaustive sFlow monitoring. While SolarWinds NetFlow Traffic Analyzer has the cleaner user interface, PRTG offers a great deal of depth in terms of its sFlow collection ability. PRTG is available for free up to 100 sensors. If you need more, you can buy 500 sensors for $1600 (£1,208). Larger organizations can purchase up to an unlimited number of sensors for $14500 (£10,951). You can view a full list of pricing options as well as access the free trial download through this link here.
Wireshark is undoubtedly one of the most popular network analyzers of all time. This product is an open source tool that allows the user to conduct sFlow analysis and capture network traffic. This product mixes a GUI with a Command Line Interface (CLI) so that the user can run captures and scripts. Once network traffic has been captured the user can configure display and capture filters. Capture filters determine the type of traffic that is captured once the Capture button is pressed. Display filters dictate the information that the user views once data has been captured.
While this isn’t the most sophisticated setup, it is extremely versatile. Administrators can choose what they want to monitor, and have captured data colorized to segregate protocol types. On Wireshark, data can be captured from a variety of flow protocols such as NetFlow and jFlow. Administrators looking for a state-of-the-art user interface would be advised to opt for another tool. But even though Wireshark’s design is outdated, it still keeps up with most modern workloads.
Once you’ve captured packets you can then convert them into graphs for further analysis. Like Wireshark’s design the graphs are rudimentary and minimalistic. That being said what they lack in design they make up for in clarity. There is little distraction and it is easy to see the metrics involved.
Wireshark is a tool that has built its name on being one of the most important network analyzers in the world. This product is a testament to the fact that you can still monitor a large network with a simple tool. The best part about Wireshark is that it is completely free. If you’d like to download Wireshark then you can do so through the official website here.
4. sFlow ToolKit and sFlowTrend
As the name suggests, sFlow Toolkit is a network analyzer that has been designed specifically with sFlow collection in mind. As an open source tool, sFlow Toolkit provides you with everything you could possibly need to monitor your network. This platform is available as a GUI or a Command Line Interface. You can use it to conduct packet analysis with the help of tcpdump, ntop and Snort. It also generates a text-based output which can be used to create scripts.
A typical command used on sFlow Toolkit is sflowtool -t | tcpdump -r - which produces a decoded packet trace. While this approach can seem a little alien if you aren’t familiar with command line interfaces, it also lets you run more complex instructions. For example, the sflowtool -t | ntop -f - command will allow you to view the live top talkers on your network through a web-based interface.
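The toolkit's text output can also feed your own scripts. As an added example (not from the article or the sFlow Toolkit project), this Python script ranks top talkers from sflowtool's line-based output and scales each sample by its sampling rate; the `-l` flag and the FLOW field order are assumptions taken from sflowtool's documentation, and the sample records are constructed.

```python
import csv
import sys
from collections import defaultdict

# Field positions in a line-based FLOW record (assumed from sflowtool's
# documented `-l` output; not stated in the article).
SRC_IP, PACKET_SIZE, SAMPLING_RATE, FLOW_FIELDS = 9, 17, 19, 20

# Constructed sample records (documentation address ranges, made-up MACs).
SAMPLE = """\
CNTR,192.0.2.1,1,6,1000000000,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0
FLOW,192.0.2.1,1,2,005056aa0001,005056aa0002,0x0800,0,0,10.0.0.5,198.51.100.7,6,0x00,64,51514,443,0x18,1500,1482,512
FLOW,192.0.2.1,1,2,005056aa0001,005056aa0002,0x0800,0,0,10.0.0.5,198.51.100.7,6,0x00,64,51514,443,0x18,1500,1482,512
FLOW,192.0.2.1,3,2,005056aa0003,005056aa0002,0x0800,0,0,10.0.0.9,203.0.113.20,17,0x00,64,40000,53,0x00,64,46,512
FLOW,192.0.2.2,4,1,005056aa0004,005056aa0001,0x0800,0,0,10.0.0.12,10.0.0.5,6,0x00,64,22,51000,0x18,900,882,1024
FLOW,192.0.2.1,1,2,005056aa0001
"""


def top_talkers(lines, n=3):
    """Rank source IPs by estimated bytes; return (ranking, skipped_count)."""
    estimated = defaultdict(int)
    skipped = 0
    for row in csv.reader(lines):
        if not row or row[0] != "FLOW":
            continue  # counter samples carry no per-host traffic
        try:
            if len(row) < FLOW_FIELDS:
                raise ValueError("truncated record")
            size = int(row[PACKET_SIZE])
            rate = int(row[SAMPLING_RATE])
        except ValueError:
            skipped += 1  # count malformed records instead of crashing
            continue
        # One sample stands in for `rate` packets, so scale before summing;
        # agents with different sampling rates then become comparable.
        estimated[row[SRC_IP]] += size * rate
    ranked = sorted(estimated.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n], skipped


if __name__ == "__main__":
    # Live use: sflowtool -l | python3 this_script.py
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    ranking, bad = top_talkers(source)
    for ip, est_bytes in ranking:
        print(f"{ip:15} ~{est_bytes} bytes")
    print(f"skipped {bad} malformed record(s)")
```

In the sample, 10.0.0.12 has a single sample yet outranks 10.0.0.9 because its agent samples at 1 in 1024; counting raw samples without scaling would misorder hosts seen by agents with different rates.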
Now if you aren’t a fan of Command Line Interfaces then sFlow Toolkit is also available as sFlowTrend. sFlowTrend is a GUI-based program that allows you to track your network traffic through a visual display just as you would through a program like SolarWinds NetFlow Traffic Analyzer.
This tool is a sound choice for those looking to conduct sFlow collection alone rather than wider network monitoring. sFlowTrend is better suited to newer users, but the commands are simple enough to adapt to sFlow Toolkit after the initial learning curve. sFlow Toolkit is available as source code and a pre-compiled Windows version through this link here. If you would rather download sFlowTrend (the GUI version) then you can do so here.
Scrutinizer is a network analyzer that often gets overlooked in favor of tools with more name recognition. This is unfortunate because it is one of the best performing sFlow analysis tools available. With Scrutinizer you can conduct network monitoring with multiple types of flow protocols to run exhaustive Quality of Service (QoS) monitoring. With Scrutinizer you can collect sFlow, NetFlow, J-Flow and IPFIX to gather information on your network.
As with all quality network monitoring tools, Scrutinizer has a range of visualization options. You can display data as bar charts, pie charts, and trend charts to develop a clear perspective of what is going on. In terms of wider network monitoring, Scrutinizer also provides a strong lens through which to view your network. For example, you can view the top interfaces in your network in terms of utilization, latency and packet loss.
However, what really sets Scrutinizer apart from the crowd is its scalability. The company itself has stated that exported flows are on the increase and can cause problems for “unscalable legacy collection systems”. Scrutinizer has been built to accommodate an increasing number of flows so that even the largest organizations can still collect sFlow data reliably.
With respect to its visualization and scalability, Scrutinizer is a product that administrators should definitely keep in mind. There are a number of versions of Scrutinizer available, the cheapest is the free version. With the free version you can keep up to five hours of raw flows, and export and support an unlimited number of flow exports. If you want to keep an unlimited number of flows then you need to contact the sales team about the SSRV version for a quote. The free version of Scrutinizer can be downloaded from this link here.
6. nTop and nProbe
nTop is a network analyzer that has gained lots of followers on account of its back-to-basics approach to network monitoring. Both nTop and nProbe allow you to conduct sFlow and NetFlow monitoring. However doing this is a little more complex than with many other tools on this list. With nTop you have to go to Admin > Plugins > sFlow plugin. nTop will then be able to collect sFlow data and display it in a format you can understand.
Once you’ve collected sFlow data you can use it to create graphs and reports. This can all be accessed through the web-based GUI. Even though nTop has a simple design you can still view the network’s top talkers in real time on the paid versions. This provides you with a solid position through which to conduct day-to-day network maintenance.
This also ties in with nTop’s security features as well. You receive alerts whenever an unrecognized host is identified. This means that you don’t have to stay completely on top of problematic connections as the system will flag these automatically. The alerts system makes an administrator’s job much easier.
There are three versions of ntopng available: Community, Professional and Enterprise. The Community version is available for free and can be downloaded as source code on GitHub. The main limitation of the Community version is that you cannot view top talkers in real time. ntopng can be downloaded from this link here.
The next product on our list is Intermapper. Intermapper is a network monitoring platform that is used to assess network performance and collect sFlow data. This product is far from your run-of-the-mill network analysis tool and it boasts features that put it among the cream of the crop. One of these is the ability to flag the top talkers on your network to prioritize your response to network faults.
It is also worth noting that Intermapper has an excellent network mapping facility which places your network topology on a map. This acts as a guide that can be used by an administrator to see how network devices connect together. Icons can be customized and changed in line with what works best for your setup. The network map is a useful addition to Intermapper’s overall service.
Intermapper also boasts an alerts feature. When devices on your network are experiencing unusual activity you are sent real-time alerts via SMS and email. This keeps you in the loop whether you are at your desk or away. It also helps to minimize your administrative burden so that you don’t miss anything.
This tool is well-suited to sFlow collection and wider network monitoring but it doesn’t have the depth of sFlow toolkit or the finesse of SolarWinds NetFlow Traffic Analyzer. Intermapper is available for Windows, Mac OS, and Linux making it ideal for cross-platform environments. In order to purchase Intermapper you’ll need to request a quote. However there is also a 30-day free trial which can be downloaded through this link here.
8. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a network monitoring product with a diverse repertoire of functions. This application supports the use of sFlow, NetFlow and jFlow to provide you with a balanced viewpoint of your network activity. With ManageEngine NetFlow Analyzer you can monitor your network in real-time.
If you want a particularly thorough sFlow collector and network analyzer then this is a tool you should consider. You monitor your top devices by factors such as speed, utilization, and volume to assess your connection quality. You can then convert this information into pie charts and graphs so that it is easier to read in the moment.
With ManageEngine NetFlow Analyzer you aren’t limited to real-time monitoring either. You can generate bandwidth analysis reports to take a microscope to your network performance. Similarly you can also create capacity planning reports to see when you need to upscale your network resources in the future.
You also have the ability to configure alerts based on thresholds. For example, you can set the tool to send a notification once an application or service reaches a predefined parameter. Notifications allow you to take a more back-seat approach to your monitoring and not have to worry about tracking every minor detail.
ManageEngine NetFlow Analyzer is a tool that is ideal for larger organizations looking to upscale their infrastructure in the future. The combination of the clear design and capacity planning reports allows you to keep track and evolve with a large volume of data. In order to receive a quote you need to contact the sales team. However you can also download a free trial from this link here.
SolarWinds NetFlow Traffic Analyzer: The Best sFlow Collector
If you’re serious about keeping your network up and running long term then incorporating an sFlow collector into your monitoring environment is an absolute must. Adding in sFlow analysis to your network can help to improve the sophistication of your wider network analysis. The better you understand the sFlow data travelling through your network the better you understand emerging threats and faults. Tools like SolarWinds NetFlow Traffic Analyzer and Wireshark are our top picks in this list.
SolarWinds NetFlow Traffic Analyzer optimises the classic network analysis experience with a low maintenance user interface. This tool’s clear visualization and ease of use are what make it our top pick. If this product is beyond your budget then you can get a lot of mileage out of Wireshark. The mix of the Command Line Interface and the GUI provides you with the perfect balance of complex functions and ease of use.
Wireshark has an active community of users who are constantly sharing tips and tricks on how to use Wireshark. If you commit to using the product then you’ll be surprised how many things you can do with it. Just make sure to try out a couple of products before you settle on one. This way you’ll be able to make sure that the solution you’ve chosen is right for you before you attempt to deploy it.