Given the widespread growth of enterprise networks and the sheer number of companies doing business online, there is an increasing need for the best sFlow collectors and analyzers. As more devices make use of the sFlow protocol, administrators have a range of opportunities to marshal this technology to monitor their network activity.
To keep your network online, it is vital to keep monitoring for performance issues and faults. Overlooking this day-to-day monitoring activity can come at the cost of your network going down. sFlow collection is one of those core monitoring practices that can tell you the precise state of your connected devices.
You can use an sFlow collector to highlight network congestion and identify traffic patterns that could spell problems for your network further down the line. In this article we’re going to look at some of the best sFlow collectors and analyzers on the market, but first we’re going to look at what sFlow is.
What is sFlow?
In a nutshell, sFlow is a packet sampling protocol that is tailored towards monitoring fast-moving enterprise networks. The sFlow protocol was designed to sit within Layer 2 of the OSI model. sFlow works by having an sFlow Agent take packet samples and put them into sFlow Datagrams, which are then sent on to an sFlow Collector. The sFlow Collector can then use this data to analyze network traffic and find the top bandwidth hogs within a network.
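The collector side of that flow, as an added example that is not taken from any product in this article: a Python sketch that parses the flow samples in one sFlow v5 datagram and scales each sampled frame by its sampling rate to rank source addresses. The function names, addresses, and the datagram itself are constructed for illustration, and only IPv4-over-Ethernet raw packet header records are handled.

```python
import socket
import struct
from collections import Counter

def build_datagram(flows, rate=512):
    """Constructed test input: one sFlow v5 datagram, one flow sample per flow."""
    samples = b""
    for seq, (src, dst, frame_len) in enumerate(flows, 1):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"        # dst MAC, src MAC, IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, frame_len - 14, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        hdr = eth + ip
        hdr_padded = hdr + b"\x00" * (-len(hdr) % 4)          # XDR pads opaque data to 4 bytes
        rec = struct.pack("!IIII", 1, frame_len, 4, len(hdr)) + hdr_padded
        rec = struct.pack("!II", 1, len(rec)) + rec           # record tag 1: raw packet header
        body = struct.pack("!8I", seq, 1, rate, seq * rate, 0, 1, 2, 1) + rec
        samples += struct.pack("!II", 1, len(body)) + body    # sample tag 1: flow sample
    agent = socket.inet_aton("192.0.2.1")                     # documentation address
    return struct.pack("!II4s4I", 5, 1, agent, 0, 1, 1000, len(flows)) + samples

def top_talkers(datagram):
    """Estimated bytes per source IPv4 (sampled frame length x sampling rate), largest first."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)                   # skip IPv4/IPv6 agent address
    n_samples = struct.unpack_from("!4I", datagram, off)[3]   # sub-agent, seq, uptime, count
    off += 16
    totals = Counter()
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        body, off = off + 8, off + 8 + length
        if tag != 1:                                          # skip counter/expanded samples
            continue
        rate = struct.unpack_from("!I", datagram, body + 8)[0]
        n_records = struct.unpack_from("!I", datagram, body + 28)[0]
        rec = body + 32
        for _ in range(n_records):
            rtag, rlen = struct.unpack_from("!II", datagram, rec)
            if rtag == 1:
                proto, frame_len, _, hlen = struct.unpack_from("!4I", datagram, rec + 8)
                pkt = datagram[rec + 24:rec + 24 + hlen]
                if proto == 1 and len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":
                    totals[socket.inet_ntoa(pkt[26:30])] += frame_len * rate
            rec += 8 + rlen
    return totals.most_common()

SAMPLE = build_datagram([("10.0.0.5", "10.0.0.9", 1500), ("10.0.0.5", "10.0.0.9", 1500),
                         ("10.0.0.7", "10.0.0.9", 100)])
```

Because every figure is an estimate scaled from samples, a host that appears in only one or two samples can be badly over- or under-counted; rankings become reliable only across many datagrams.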
Here is our list of the best sFlow collectors and analyzers:
- SolarWinds NetFlow Traffic Analyzer with sFlow Collector (FREE TRIAL)
- Paessler PRTG Network Monitor
- ManageEngine NetFlow Analyzer
- ntopng and nProbe
- Plixer Scrutinizer
1. SolarWinds NetFlow Traffic Analyzer
First up on the list, we have SolarWinds NetFlow Traffic Analyzer, a network analyzer which includes a robust sFlow Collector Tool. With this tool you can collect sFlow data and identify which users, applications, and protocols are consuming the most bandwidth. The data you collect is invaluable for identifying those problematic users or applications that are hogging your bandwidth and adversely affecting your network.
One of the first things you notice about SolarWinds NetFlow Traffic Analyzer is how easy it is to install. You are taken through the setup process with a configuration wizard. Once you complete the configuration wizard, you can start collecting flow data from sFlow-enabled devices automatically. The fast-track installation and setup of this program make it a good choice for those who want to get to work ASAP.
SolarWinds NetFlow Traffic Analyzer also has you covered when it comes to troubleshooting. This tool highlights the IP addresses of top talkers throughout your network. You can monitor all the arriving traffic from source IPs, destination IPs, and protocols. With the ability to point to top talkers and conversations, you can run much more effective and informed troubleshooting.
If you need a product that can conduct exhaustive sFlow and NetFlow collection, then SolarWinds NetFlow Traffic Analyzer is a product you should bear in mind. SolarWinds NetFlow Traffic Analyzer starts at a price of $1,915 (£1,472). You can also download a 30-day free trial.
2. Paessler PRTG Network Monitor
Paessler PRTG Network Monitor is not only one of the best network monitors on the market, but also offers one of the most compelling sFlow collection experiences. With PRTG Network Monitor you can collect sFlow, NetFlow, IPFIX, and jFlow data. All of this data can be viewed through a variety of dials and views. For example, you can view pie charts of your top talkers, connections, and protocols.
In addition to its widespread flow support, PRTG Network Monitor has a dedicated sFlow sensor. The sFlow sensor can pull traffic data from sFlow v5-compatible devices and provide you with IRC, AIM, FTP/P2P, DHCP, DNS, Ident, ICMP, SNMP, IMAP, POP3, SMTP, RDP, SSH, Telnet, VNC, UDP traffic, TCP traffic, and total traffic. This provides you with a range of information to act on further.
This tool also has an extensive alerts system. You can receive alerts when strange or problematic behavior is recognized on your network. You can have notifications sent via email, SMS, or push notifications on Windows, Android and iOS devices (though you’ll need to download the free PRTG app). Alerts help to make sure that you know precisely what is going on and give you the heads-up so you can react quickly in critical situations.
PRTG Network Monitor offers the perfect balance of usability and clarity to conduct sFlow collection. There are few programs that allow you to marshal your sFlow data as painlessly as PRTG Network Monitor. There is a freeware version of this product that supports up to 100 sensors. That is ideal for those looking to try their hand at sFlow collection within a smaller network.
The paid versions of PRTG Network Monitor range from $1,600 (£1,230) for 500 sensors to $60,000 (£46,128) for unlimited sensors. There is also a cheaper version with unlimited servers for $14,500 (£11,147). You can also download a 30-day free trial.
3. ManageEngine NetFlow Analyzer
As the name suggests, ManageEngine NetFlow Analyzer is a NetFlow analyzer that also supports sFlow collection. With ManageEngine NetFlow Analyzer you can use sFlow to collect traffic usage information by protocol, interface, application, and IP address. You can view this traffic usage in real-time and monitor metrics such as speed, volume, packet type, and utilization.
There are times when you’ll want to take a step back from live monitoring and look at the bigger picture. ManageEngine NetFlow Analyzer supports this through an extensive reporting feature. You can create sFlow reports on bandwidth usage and compare them with other reports to see if you can spot any abnormalities. These reports can also be customized so that you can monitor your network in a way that is most comfortable for you.
Besides its sFlow collection abilities, ManageEngine NetFlow Analyzer offers one of the most visually-captivating user experiences available. The dashboard is completely customizable and allows you to drag and drop widgets as you see fit. There are over 50 different widgets you can choose from that allow you to view your network usage data.
ManageEngine NetFlow Analyzer is one of the best tools for organizations of all sizes. The design is scalable enough to support larger organizations and SMEs alike. ManageEngine NetFlow Analyzer is available on Windows and Linux. The starting price of this product is $795 (£611). You can download the 30-day free trial.
4. ntopng and nProbe
Next up on this list we have ntopng and nProbe. nProbe is a network traffic analysis tool that allows the user to collect NetFlow and sFlow data to monitor the connection quality throughout a network. nProbe can collect sFlow data and export it in IPFIX format for further analysis. If you want to monitor network traffic then nProbe is a solid option.
ntopng also has its own flow collection abilities. However, in order to conduct flow collection with ntopng you need to create a virtual interface to which you send flows. To do this you need to go to Admin > Plugins and select the sFlow plugin. ntopng is available on Windows, CentOS, RedHat, Ubuntu, Debian, and Raspberry Pi. Prices for ntopng range from $174 (£133) for the Pro version to $581 (£446) for the Enterprise version.
Similarly, nProbe is available on Windows and Linux. There are a few different versions of nProbe that you can purchase. The first is nProbe embedded, which costs $58 (£44). The Standard version can be purchased for $174 (£133). The most expensive version is nProbe Pro, which has support for additional plugins for $348 (£267). You can view more nProbe and ntopng pricing options on their website.
5. sFlowTrend
sFlowTrend is a free sFlow collector that provides one of the most cost-effective network monitoring solutions available. sFlowTrend can take sFlow data from up to five switches or hosts. It can also store up to one hour of data in memory. This is, therefore, a tool best used by those with small networks with light sFlow collection needs. However, there is also a paid version of sFlowTrend called sFlowTrend-Pro which removes these limitations completely.
If you opt for the paid version of sFlowTrend you’ll find a versatile sFlow collection tool. You can collect sFlow data in real-time and view the top applications and users hogging your bandwidth. This allows you to point to the worst offenders and target your troubleshooting towards finding a specific solution to aid those weak points.
Usage data can be visualized in a variety of graphs for more clarity. sFlowTrend-Pro users can use historical traffic information to generate reports on past usage. In the event that you need more up-to-date information, you can also generate reports on live information as well.
While the free version of sFlowTrend has a number of limitations, it is still a viable choice for smaller organizations. For larger enterprises, sFlowTrend-Pro can be purchased from the InMon website. However, you’ll need to create an account in order to view the price and license version you would like to buy. If you’d like to download sFlowTrend totally free.
6. Wireshark
Wireshark is an open source tool that has earned the respect of countless administrators over the years based on its abilities as a network analyzer. With Wireshark you can view live and historic sFlow and NetFlow captures. Your monitoring activity can be conducted through a GUI or through the TTY-mode TShark utility.
A combination of capture and display filters allows you to choose what information you see when monitoring your network. Capture filters determine what type of data you capture while monitoring your network. Display filters let you decide which of the captured data you see when looking through it. This allows you to get straight to the most important information without interruption.
The overall design of Wireshark makes it easy for you to run captures and sift through data quickly. When you’re finished looking at your data you can export the data in XML, CSV, or PostScript. Wireshark is available on Windows, Linux, Mac OS, Solaris, FreeBSD, and NetBSD. You can download Wireshark totally free.
7. Intermapper
Intermapper is a network analyzer that is targeted towards larger organizations that want fast-paced network monitoring capabilities. It offers flow support for sFlow, NetFlow, jFlow, and cFlow. As a traffic monitoring tool, Intermapper provides a respectable offering with the ability to view the top talkers, hosts and listeners throughout your network.
With Intermapper you can monitor flows in real-time. There is little to no latency so the information you see is completely up-to-date. In the event that you need to delve deeper than generic performance data you can see which IPs are connecting to the highest number of hosts. The benefit of this is that it gives you another perspective through which to monitor your service quality.
One of the most important considerations in network monitoring for larger organizations is capacity planning. Intermapper allows you to review historical traffic data to see how your capacity requirements have grown over time. This can help you to predict when you need to upgrade your service to sustain more devices or applications.
This product is available on Windows, Linux, and Mac OS. You can download Intermapper for free if you want to monitor fewer than 10 devices. If you require more, then you will need to pay for a subscription license or device-based license. Unfortunately, you’ll have to contact the sales team to view more information. No matter what platform you’re on, Intermapper is a strong contender among even the best sFlow collectors on this list. Try a 30-day free trial of Intermapper.
8. Plixer Scrutinizer
Plixer Scrutinizer is one of the most well-known network analyzers right now. Plixer classifies Scrutinizer as an incident response system but it is most commonly recognized as a NetFlow and sFlow collector. It is also worth noting that you can use Scrutinizer to capture J-Flow, IPFIX, and NetStream data as well. In short, you have everything you need to ascertain the quality of your service.
One of the things that makes Scrutinizer unique is that there are multiple deployment options. You can deploy Scrutinizer as a hardware appliance, virtual machine, or SaaS solution. This gives you complete customization over the experience you receive from the product.
None of these versions have any effect on the flows supported but they do drastically differ in how many flows can be collected. For example, if you deploy Scrutinizer as a hardware appliance you can collect over 100,000 flows per second. However, if you deploy on a virtual machine you’ll be limited to 40,000 flows per second.
There are a number of different licensing options available for Scrutinizer: Free, MDX, SSRV, and SCR. The Free version of Scrutinizer allows you to collect 10,000 flows for up to five hours. The MDX version collects the same number of flows but keeps the data for 24 hours. The SSRV version also records the same number of flows but allows you to keep the data for an unlimited period of time. Finally, the SCR version allows you to monitor anywhere between 40,000 and 10 million flows per second. You can download the 30-day free trial for Scrutinizer.
9. FlowTraq
Finally, we have FlowTraq. FlowTraq is a tool that combines sFlow capabilities with a contemporary user interface. FlowTraq has the ability to track sFlow, NetFlow, IPFIX, Cflow, and jFlow. You can view your network usage through the lens of some of the most well-designed graphs available. FlowTraq’s primary focus is detecting strange activity, and as such it provides you with threshold-based alerts.
Threshold-based alerts notify you when a metric has exceeded normal levels. The alerts system allows you to take a step back from live monitoring without missing anything. Alerts are sent by email. In the event that you want more security, FlowTraq also offers you a REST API which allows you to use your own scripts to interact with the database directly.
However, what really keeps you protected is FlowTraq’s DDoS detection. FlowTraq can recognize a DDoS attack and react automatically. It is integrated with a variety of security vendors such as A10 TPS, RadWare Defense Pro, Verisign OpenHybrid, and Voxility.
Overall, FlowTraq is a tool that offers a well-functioning blend of flow monitoring and security. If you’d like to purchase a copy of FlowTraq you’ll need to contact the sales team directly. That being said, you can still download FlowTraq on a 30-day free trial.
Best sFlow Collectors: SolarWinds NetFlow Traffic Analyzer and PRTG Network Monitor
If you’re not already incorporating sFlow collection into your monitoring activities, there are countless reasons why you should be. sFlow data is a resource that expands far beyond the confines of routers and switches. Any organization serious about executing thorough traffic analysis would be well-advised to add sFlow collection to its monitoring practices.
SolarWinds NetFlow Traffic Analyzer, which includes the sFlow Collector Tool, offers the best overall experience on this list. You can monitor your network without running into resistance. You can point straight to the users, applications, and protocols that are hogging your bandwidth. You literally have everything you need to keep an eye out for costly problems. Likewise, Paessler PRTG Network Monitor is worth consideration based on its alerts system alone, but it also offers an overall monitoring experience that can scale to any size.