For some time, NetFlow analysis has been one of the core strategies relied on by IT administrators to conduct real-time network monitoring. So much of an enterprise-grade service’s reliability rests on its bandwidth performance. It is in this area that NetFlow analyzers are worth their weight in gold. With a NetFlow analysis tool, an administrator can see how efficiently data is transferred across a network without relying on the large volumes of stored data that regular packet capture procedures create.
From a glimpse, you can identify whether your network is performing as it should be or whether an underlying issue is decreasing the standard of service. In a nutshell, deploying a NetFlow analyzer helps determine whether a network is experiencing poor performance, and it conducts troubleshooting if a problem is found. In this article, we look at the Best Free NetFlow Analyzers on the market.
What is a NetFlow Analyzer?
NetFlow is the term given to a network protocol designed by Cisco to collect IP traffic and conduct network monitoring. NetFlow analyzers collect data generated by devices throughout the network and allow the user to view historic and real-time perspectives of the network.
When viewed with a NetFlow analyzer, the data obtained from network devices reveals key details like port numbers and IP addresses. More importantly, it allows you to view the source and destination of all NetFlow traffic. Each device must enable NetFlow in order to see NetFlow data.
Why Do I Need a Netflow Analyzer?
A NetFlow analyzer offers you one of the best tools to take stock of what is happening on your network. It allows you to interpret real-time and stored traffic data from your network and look for causes of poor connectivity. This helps to make sure that you don’t experience downtime on account of unresolved issues. The main reasons why administrators use Netflow Analyzers are listed below:
- Develop a network inventory – Auto discover devices on your network and map out network infrastructure.
- Analyze a network in real-time – Viewing live traffic on your network and looking out for signs of poor performance.
- View historical traffic data – View old usage statistics to develop further insights into your connection.
- Notifications – Receive notifications when network problems are detected, e.g latency or compromised devices
- SolarWinds Real-Time NetFlow Analyzer (FREE TOOL)
- ManageEngine NetFlow Analyzer (FREE TRIAL)
- Paessler PRTG Network Monitor
- Scrutinizer Plixer
- The Dude
- sFlow Toolkit
- Colasoft Capsa
SolarWinds is a big name in the world of network monitoring, and Real-Time NetFlow Analyzer is perhaps the most competitive packet monitoring solution available. This product allows the user to monitor their real-time network and bandwidth usage. You can view your network usage and also packet capture data through a web-based application.
One of the main selling points of Real-Time NetFlow Analyzer is that it is easy to use. The stripped-back design of the user interface makes it easy to see what’s going on with your network. The tool generates graphs that display usage data in real-time. These graphs allow you to quickly determine which devices and applications consume the most bandwidth.
Real-Time NetFlow Analyzer’s graphs update automatically in real-time, so you can immediately identify how well your network is performing. You can tell in a matter of seconds if your network experiences poor quality of service. This is one of the features that makes SolarWinds Real-Time NetFlow Analyzer out top pick on this list. SolarWinds Real-Time NetFlow Analyzer can be downloaded for free here.
Another SolarWinds NetFlow system that is free to use is the Flow Tool Bundle. This is a package of three utilities that help you to test your network’s capabilities using Cisco’s NetFlow v5.
This tool pack includes a simple interface to turn the NetFlow capabilities of your Cisco routers on and off. It also has a tool that replays stored traffic data so you can watch the performance of your network. A third utility will generate extra traffic so you can test your infrastructure in preparation for a planned increase in load on the network.
Next up on our list, we have ManageEngine NetFlow Analyzer, a network analyzer that has become a staple in the toolkit of many administrators. NetFlow analyzer can tell you almost everything about your network down to devices, conversations, and interfaces along with their volume, utilization, and speed. All this information is translated into visual formats like graphs so you can find out exactly what’s going on.
Graphs and displays update in real-time, showing top interfaces, protocols, and conversations. This platform is great in an enterprise environment because it offers the user a number of automation features. For example, you can set the parameters of the alerts you see. If traffic goes above or below a defined level, you’ll be notified immediately. You don’t have to stay glued to the desk in order to stay up to date.
On the main screen, a breakdown of current alerts shows every warning that has been raised. Like PRTG, NetFlow Analyzer allows the user to develop custom reports. This allows you to run in-depth diagnostics and troubleshooting on your network based on the historical data you have available. This is useful for correcting faults and optimizing your network.
Overall this is a solid platform whether you’re operating within an SME or a larger organization. With the free trial version, you can monitor an unlimited number of interfaces. Unfortunately, you’ll be limited to two once the trial period ends. You can download a 30-day free trial.
PRTG Network Monitor is as close to comprehensive as it gets in terms of network monitoring and NetFlow analysis. PRTG supports NetFlow, J-Flow and sFlow protocols making it versatile enough to function as a NetFlow tool in most organizations. Network Monitor has become a popular platform on account of its user interface. The navigation tree is very simple so that you can cut straight down to the minutiae of your network traffic.
Likewise, the setup process is very easy. Auto-discovery finds active devices on your network. This automation is something that carries over into Paessler’s use of alerts as well. You can configure alerts to be sent to you via email or SMS. If PRTG Network Monitor clocks any Netflow or network activity on your network, alerts will be sent straight to you to take action. You can also translate your data into historic data reports in PDF, HTML, CSV and XML.
Overall PRTG Network Monitor is a great product because of its usability. It’s incredibly easy to get started up and conduct NetFlow analysis. While the basic PRTG Network monitor is free, there are a number of different paid products as well. Paessler PRTG can be downloaded for a free trial from this link.
ntopng has developed a reputation as one of the most formidable free network traffic monitors. This versatile tool runs on Windows, Unix, and Mac OS. ntopng runs through an encrypted web-based user interface that shows a real-time breakdown of active network traffic. The web-based console is great for organizations looking for fast and flexible deployment.
You can view NetFlow data in a variety of ways right down to active flows by application. You can also see how much latency you have on your network at one time. The platform does this by breaking down the networks 3-day handshake packets and calculating the time it takes for them to transfer. The latency is determined by how long it takes for the packets to move across the network.
The user interface either doesn’t fall short, either. You can choose a variety of visual displays to look at and comb through your historical data by time and date. This ensures you don’t miss anything and can make the necessary adjustments if you spot poor performance.
The free version of ntopng is called the Community version and can be downloaded from here. Ntopng is highly recommended if you want to deploy a low-maintenance NetFlow analyzer that doesn’t need much configuration.
5. Scrutinizer Plixer
In terms of scalability, few products offer as much potential as Scrutinizer. Scrutinizer can function in a variety of SME and larger enterprise environments with the capacity to handle millions of flows per second. In addition, Scrutinizer offers a great user interface lets you delve down deep into the time frame, host application, and protocol of all your network elements. It’s also versatile in the sense that it supports NetFlow, sFlow and IPFIX.
A reporting feature breaks down NetFlow data for further analysis. Overall this is a great platform and the free version doesn’t restrict the number of interfaces you can monitor. As a result, it can be deployed seamlessly within a larger organization. Scrutinizer can be downloaded for free from here.
6. The Dude
MikroTiks’ The Dude is quite a famous name within the network monitoring community. This tool is considered to be one of the best value products available online. With support for SNMP, ICMP, DNS, and TCP, The Dude can function within even the most demanding network environment.
One of the draws of The Dude is that it is simple to deploy. An auto-discovery feature automatically recognizes devices on the network so you don’t have to spend time messing around with configurations. You can also use this information to draw up maps and create a topological perspective.
Overall, The Dude is very easy to use and install. If you want a tool to hit the ground running, then this is a solid option. Though it is not as slick as SolarWinds Real-Time NetFlow Analyzer, it still provides a competitive offering. The Dude operates on Windows, MacOS, and Linux. The Dude can be downloaded from here.
WireShark is one of the most well-known NetFlow analyzer tools in the world. At one point or another almost every network administrator has dabbled with WireShark or considered it. WireShark’s core platform can conduct real-time NetFlow analysis on an enterprise scale. Most administrators use WireShark to identify when a bottleneck occurs.
WireShark can capture Wifi, Bluetooth, Ethernet, VLAN, and USB traffic from devices across a network. This helps produce a complete perspective of an entire network. One particularly useful feature offered by WireShark is that of filters. Display filters determine what type of protocol traffic is displayed when analyzing netflows.
This is an extremely useful feature because it can often be incredibly difficult to manually sift through thousands of NetFlow processes on an active enterprise network. It also helps in regards to troubleshooting. As such, if you require a network analysis tool that is built with troubleshooting in mind, then give WireShark a try.
WireShark is a well known tool because it offers one of the most compelling free network analyzers on the market. Whether you’re working within an SME or a larger organization, this tool has more than enough power to sustain even the heaviest NetFlow workload. WireShark is available for Windows, Linux, and Mac OS. Download WireShark for free here.
FlowScan is one of the most basic NetFlow Analyzers on this list. What it lacks in complexity it makes up for in its one-track approach to network monitoring. FlowScan produces real-time graphs of your network activity. While these aren’t as polished as a tool from a company like ManageEngine, they are clear enough to generate a realistic appraisal of live activity.
Two main components make up FlowScan: CampusIO and SubNetIO. CampusIO is referred to as a ‘report module’ that interacts with the raw flow data and pushes it into a database with packet, byte, and flow counters. SubNetIO effectively does the same thing as CampusIO but adds per-subnet statistics on applications to the mix as well. FlowScan can be downloaded from here.
9. sFlow Toolkit
sFlow Toolkit has to be one of the top NetFlow analyzers for analyzing sFlow data. This tool is based around a command-line interface and lets users create scripts to customize their traffic flow analysis. SFlow is compatible with tools such as tcpdump and ntop, which helps increase its reach.
For those experienced with command-line interfaces, sFlow Toolkit is a competent tool. For example, entering the command sflowtool -t | tcpdump -r launches a decoded packet trace. You can then filter these packets using tcpdump.
While sFlow toolkit is a very useful platform, it is best used as part of a wider network analysis strategy rather than an overarching tool. It is good at analyzing sFlows but not much else. If you’re interested in downloading sFlow Toolkit, click here.
10. Colasoft Capsa
Finally, we have ColaSoft Capsa. Capsa is a platform aimed at medium-sized networks that allows the user to conduct TCP flow analysis, network protocol analysis, and VOIP analysis. This is truly a network monitoring tool for diverse and dynamic IT environments. Capsa supports over 300 protocols, making it one of the most versatile tools on this list.
One of the biggest advantages of Capsa is its security features. Capsa can detect when suspicious activity occurs on your network. For example, if it flags external TCP port scanning or a DDoS attack, you will be notified. It also monitors network usage traffic in real-time so you can see exactly what’s going on. You can also set notifications to be sent straight to your email so you know when to take action.
Capsa is truly a platform designed for those in need of versatility. The user interface is quite robust, but this isn’t the platform’s main appeal. Capsa’s combination of security and analysis is really what makes it stand out. ColaSoft Capsa can be downloaded from here.
NetFlow data structures
The Cisco NetFlow system is the industry standard for network traffic measurement. Many other manufacturers implement NetFlow on their devices and the other traffic messaging systems are based on NetFlow procedures. So the way this standard structures data is significant.
NetFlow reports on traffic in both directions on network devices. For incoming network traffic it tracks:
- IP-to-IP packets
- IP-to-MPLS (Multiprotocol Label Switching) packets
- Frame Relay-terminated packets
- ATM-terminated packets
For outgoing traffic, NetFlow records:
- IP-to-IP packet
- MPLS-to-IP packets
Each traffic flow is identified by seven key fields. This means that all data collected by NetFlow can be sorted, filtered, or grouped by any of these attributes :
- Source IP address
- Destination IP address
- Source port number
- Destination port number
- Layer 3 protocol type
- Type of service (ToS)
- Input logical interface
Although many network devices have NetFlow capability, you will need to check on that status for each of your network devices. Some manufacturers shop their NetFlow-capable devices with the messaging protocol disabled, so you will have to visit each device on your network and make sure that it has NetFlow messaging turned on when you first install your NetFlow analyzer.
The Best Free Netflow Analyzer: SolarWinds Real-Time NetFlow Analyzer
That concludes our list of the best free NetFlow analyzers. NetFlow analyzers will remain an essential part of IT administration for the foreseeable future. If you want to get a clear perspective on traffic flow on your network and issues to address, then you need to deploy a NetFlow analyzer.
Of the tools we mentioned in this list, we recommend SolarWinds Real-Time NetFlow Analyzer because it cuts to the chase and shows real-time NetFlow usage in a format that is easy to read. You don’t have to spend time tweaking configurations; the information is presented clearly up front.
If you’re more interested in learning more about NetFlow analyzers, then starting off with a free tool like WireShark is also a good choice. WireShark has an active community behind it, which means plenty of resources for new users to rely on. Ultimately if you opt for SolarWinds Real-Time NetFlow Analyzer or WireShark, you can’t go wrong.