NetFlow is a protocol developed by Cisco that is used to collect information about traffic flowing through devices on a network. The fields that NetFlow collects from IP traffic to identify a flow include:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Layer 3 protocol
- Class of Service
- Ingress Interface
By collecting this information and analyzing it, a lot of insight can be gained about the network and used for several purposes including bandwidth monitoring, network performance troubleshooting and anomaly detection.
Here is our list of the top NetFlow Analyzers & Collectors:
- Auvik – EDITOR’S CHOICE This SaaS cloud platform provides both network device monitoring and network traffic analysis. Use the network inventory and map in conjunction with flow protocol data to identify bottlenecks and faulty devices so that you can keep network performance at its peak. Get a 14-day free trial.
- Paessler PRTG Network Monitor – FREE TRIAL A bundle of infrastructure monitoring tools that includes traffic monitoring. Installs on Windows Server. Download a 30-day free trial.
- ManageEngine NetFlow Analyzer – FREE TRIAL Tracks traffic volumes live and includes capacity planning tools. Available for Windows Server and Linux. Get a 30-day free trial.
- Site24x7 Network Traffic Monitoring – FREE TRIAL A network monitoring service that is part of a wider system monitoring service that is delivered from the cloud. Start a 30-day free trial.
- SolarWinds NetFlow Traffic Analyzer A bandwidth monitoring and management package that also covers virtual switches. Installs on Windows Server.
- Noction Flow Analyzer This monitoring tool uses NetFlow and other traffic statistics gathering protocols to generate an information pool about network activity and bandwidth usage in a multi-vendor site. Runs on Linux.
- Plixer Scrutinizer A traffic analyzer that can be used for security investigations. Installs as a virtual machine or can be taken as a cloud service.
- nProbe and ntopng A traffic analysis combination with a browser-based interface. nProbe runs on Linux and Windows and ntopng is available for Windows, Linux, macOS, RaspbianOS, and FreeBSD.
NetFlow Components
When NetFlow is implemented on a network, there are usually two major components: Flow Exporter and Flow Collector. The Flow Exporter captures flow information to be sent to a collector. This exporter is usually configured on a device such as a router or a switch and in some cases, there may be multiple exporters for different flows. On the other hand, the Flow Collector receives flow records from the exporter, processes them and can analyze this information to be presented to users in sensible form.
Note: In some instances, the Flow Collector does not do the actual analysis of the flow records. Instead, the Flow Collector just receives the flow records and another application does this analysis.
NetFlow and Counterparts
It is important to point out at this point that even though NetFlow was developed by Cisco, it is supported by other vendors. At the same time, other vendors also have their own versions of NetFlow including J-Flow for Juniper and NetStream for Huawei. Moreover, there is also an IETF protocol for transmitting IP flow information across a network – IP Flow Information Export (IPFIX) – which is based on Cisco’s NetFlow version 9.
Note: There are several versions of NetFlow (from version 1 to 9), some of which have become obsolete. NetFlow versions 5, 7 and 9 are the commonly used versions.
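To make the flow fields and the collector's role concrete, here is an added example (not from the original article or from any vendor's code) of what a collector does with a NetFlow version 5 export datagram: it checks the packet for consistency, extracts the seven flow fields listed at the top of this article plus the packet and byte counters, and totals bytes per source address. The sample datagram, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter, namedtuple

# NetFlow v5 wire layout (network byte order): 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # v5 carries at most 30 flow records per datagram

Flow = namedtuple("Flow", "src dst sport dport proto tos in_if packets octets")


def parse_v5(datagram: bytes) -> list:
    """Validate one export datagram and return its flow records."""
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"bad record count {count}")
    # The count claimed in the header must agree with the bytes received;
    # exports arrive as unauthenticated UDP, so never trust it blindly.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _flags, proto, tos, _sas, _das, _smask, _dmask) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append(Flow(str(ipaddress.IPv4Address(src)),
                          str(ipaddress.IPv4Address(dst)),
                          sport, dport, proto, tos, in_if, pkts, octets))
    return flows


def top_talkers(flows, n=3):
    """Sum octets per source address, the basis of a 'top talkers' report."""
    totals = Counter()
    for flow in flows:
        totals[flow.src] += flow.octets
    return totals.most_common(n)


def build_sample() -> bytes:
    """Constructed sample datagram (documentation addresses, not a capture)."""
    def ip(text):
        return ipaddress.IPv4Address(text).packed

    records = [
        # src, dst, sport, dport, proto, tos, in_if, packets, octets
        ("192.0.2.10", "198.51.100.5", 51514, 443, 6, 0, 1, 120, 150000),
        ("192.0.2.10", "198.51.100.9", 51520, 53, 17, 0, 1, 2, 180),
        ("192.0.2.77", "198.51.100.5", 40000, 22, 6, 16, 2, 40, 9000),
    ]
    body = b"".join(
        RECORD.pack(ip(s), ip(d), ip("0.0.0.0"), in_if, 0, pkts, octets, 0, 0,
                    sp, dp, 0, proto, tos, 0, 0, 24, 24)
        for s, d, sp, dp, proto, tos, in_if, pkts, octets in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    parsed = parse_v5(build_sample())
    for flow in parsed:
        print(flow)
    print("Top talkers:", top_talkers(parsed))
```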
The top NetFlow Analyzers & Collectors
Our methodology for selecting the NetFlow analyzers and collectors
- Check if it can collect and summarize passing packets
- Does it support communication with sFlow, J-Flow, NetFlow, and other packet capture systems?
- Does it send alerts on reaching the bandwidth capacity threshold limit?
- Can you generate live stats reports with illuminating graphs and charts?
- Does it offer tools for capacity planning and bottleneck investigation?
As we mentioned earlier in this article, there are Flow Collectors that receive flow records from exporters and analyze these records to produce sensible information. We will be highlighting some of these below in more detail.
1. Auvik – FREE TRIAL
Auvik is a SaaS platform that is based in the cloud but links to your network through the installation of an agent. This tool operates SNMP processes to discover the network and track device statuses. It also uses flow protocols to extract traffic statistics for analysis.
Key Features:
- Autodiscovery
- Network inventory
- Network diagram
- Traffic analysis
- Path tracing
Why do we recommend it?
Auvik is best suited for network administrators and IT teams overseeing multi-vendor networks. Given its extensive compatibility and ability to manage multiple networks, larger businesses and enterprises with diverse network hardware will benefit the most.
The traffic analysis module on the Auvik platform is called TrafficInsights. It can communicate with switches and routers by using NetFlow v5, NetFlow v9, IPFIX, sFlow, and J-Flow. This gives the tool compatibility with the devices produced by most network system manufacturers in the world and enables it to manage multi-vendor networks.
Auvik is packaged in two editions: Essentials and Performance. Both plans provide network discovery and mapping plus live device status monitoring with SNMP. However, only the higher plan includes the TrafficInsights module.
Who is it recommended for?
We recommend Auvik because of its comprehensive feature set, including network discovery, mapping, and traffic analysis. Its compatibility with a wide range of flow protocols makes it adaptable to varied network environments.
Pros:
- NetFlow, IPFIX, sFlow, and J-Flow
- Consolidates the monitoring of multiple networks
- Network configuration management
- Syslog collection and management
- Web-based dashboard
Cons:
- Doesn’t have NetStream capabilities
You can examine the Auvik system with a 14-day free trial.
EDITOR'S CHOICE
Auvik is our top pick for a NetFlow analyzer and collector for monitoring in real time because it has the ability to communicate with switches and routers through the NetFlow v5, NetFlow v9, IPFIX, J-Flow, and sFlow protocols. Traffic analysis is available in the higher edition of Auvik, which is called Performance. The system also provides SNMP-based device monitoring, and using these two systems together will help you identify which device on your system is causing problems with traffic throughput rates.
Download: Get a 14-day FREE Trial
Official Site: https://www.auvik.com/lp/network-traffic-analysis/
OS: Cloud-based
2. PRTG Network Monitor – FREE TRIAL
Paessler PRTG Network Monitor is an all-in-one network monitoring solution which includes performance monitoring, bandwidth monitoring, server and application monitoring and so on. The benefit of this is that NetFlow monitoring is enabled by default in the tool – there is no add-on or upgrade required. PRTG Network Monitor can analyze various NetFlow versions (v5, v9), the industry standard (Internet Protocol Flow Information Export (IPFIX)), and other flow-based technologies such as sFlow and J-Flow.
Key Features:
- Customizable package
- Device and traffic monitoring
- Path analysis
Why do we recommend it?
PRTG Network Monitor is apt for organizations looking for a comprehensive network monitoring solution. Those aiming to delve deep into bandwidth usage analysis, and wanting to troubleshoot network performance intricacies without the hassle of purchasing separate modules will find it exceptionally beneficial.
One of the uses of the NetFlow monitoring available from PRTG Network Monitor is analysis of bandwidth usage. For example, you can determine the amount of bandwidth being used by different hosts, protocols and applications. This can be very helpful in network performance troubleshooting.
In the PRTG NetFlow setup, the Flow collector is different from the analysis software. The Flow collector is just any computer that receives flow reports from the exporters and has a PRTG probe installed on it. The analysis software is PRTG Network Monitor, where the flow collector (the system with the PRTG probe) is set up as a sensor.
Who is it recommended for?
We recommend PRTG Network Monitor for its holistic approach to network monitoring. The tool’s inherent capability to monitor NetFlow, coupled with its capability to analyze bandwidth usage across various hosts, protocols, and applications, makes it a go-to solution for detailed network insights. The versatility it offers in both data collection and analysis further emphasizes its superiority in the segment.
Pros:
- No upgrade or add-on is necessary as NetFlow monitoring is available by default
- The bandwidth usage of various hosts, protocols, and apps can be ascertained
- Helps troubleshoot network performance
- Users can save and process flows using the PRTG NetFlow Analyzer
- Allows tracking and performing analysis on all vital Flow protocols
Cons:
- It is a detailed solution and, as a result, may take time to fully understand all of its features
PRTG Network Monitor is available in two editions: Freeware and Commercial. The Freeware edition is a fully functional PRTG Network Monitor that allows you to monitor up to 100 sensors. If you would like to monitor more than 100 sensors, you will need a Commercial license that starts at $1600 for monitoring 500 sensors. You can start with either version on a 30-day free trial.
3. ManageEngine NetFlow Analyzer – FREE TRIAL
ManageEngine has a similar offering of a NetFlow collector and analyzer as the other solutions we have previously discussed. Their NetFlow Analyzer also supports multiple flow technologies such as NetFlow, J-Flow and NetStream and is targeted at network traffic analysis and bandwidth monitoring.
Key Features:
- Traffic analysis
- Monitors network changes
- Security monitoring
Why do we recommend it?
Given the iPhone app, ManageEngine NetFlow Analyzer is ideal for network administrators and IT professionals who desire mobility in monitoring. Organizations relying heavily on Cisco Medianet and Cisco WAAS will find this tool invaluable.
ManageEngine NetFlow Analyzer packs some interesting features such as customizable dashboards, an iPhone app for anytime, anywhere monitoring and the ability to report on Cisco Medianet and Cisco WAAS.
Who is it recommended for?
We endorse ManageEngine NetFlow Analyzer for its real-time visibility into network bandwidth performance, its comprehensive reporting capabilities, especially on Cisco technologies, and its user-friendly interface that helps swiftly identify network irregularities.
Pros:
- Offers visibility into network bandwidth performance in real-time
- Analyzes network traffic and its patterns
- Generates one-minute granularity and custom search reports on bandwidth usage, Cisco Medianet, and Cisco WAAS
- Users can set custom alerts depending on traffic thresholds
- The intuitive interface helps identify bandwidth hogs and other abnormal network traffic instantly
Cons:
- Not a suitable option for small home networks
ManageEngine offers an online demo of their NetFlow Analyzer which is good because you can try it out before deciding whether to download or buy. The NetFlow Analyzer comes in two editions: Essential and Distributed. Both editions can be tried for free for 30 days. The minimum license price is $495 for monitoring 10 interfaces on the Essential edition. There is also a free edition that can be used to monitor 2 interfaces without the need for any license.
4. Site24x7 Network Traffic Monitoring – FREE TRIAL
Site24x7 Network Traffic Monitoring is part of a system monitoring service. This cloud-based service is offered in a series of packages that emphasize the supervision of different aspects of IT systems. The packages are designed to focus on websites, infrastructure, and applications. Although each of these packages has a specific focus, they all include network monitoring. Site24x7 offers both network performance monitoring and bandwidth monitoring.
Key Features:
- Full stack package
- Cloud based
- Suitable for SMBs
Why do we recommend it?
Site24x7 is ideal for Small to Medium Businesses (SMBs) that have a diversified network environment spanning different sites and cloud platforms. Its ability to extract data from devices of over 200 vendors also makes it suitable for businesses with multi-vendor network setups.
Site24x7 network monitoring deploys a range of communication protocols in order to extract data from network switches. The service is able to contact the devices of more than 200 vendors. Many manufacturers, such as Cisco Systems and Juniper Networks, have created their own languages for traffic data querying. The Site24x7 system can communicate with NetFlow, IPFIX, J-Flow, sFlow, NetStream, CFlow, and AppFlow.
This monitoring tool is able to unify the monitoring of networks on different sites, on the cloud, and traveling through switches from different providers, using different communication protocols. This is a very flexible network traffic monitor.
This service shows live traffic volumes on its dashboard, which is hosted in the cloud and accessed through a Web browser. All of the processing power for the monitor is also resident in the cloud. An agent module on the monitored network collects data and uploads it to the Site24x7 server over an encrypted link.
This service also includes the ability to set thresholds, which trigger alerts. Those alerts can be sent out to key personnel as emails, SMS messages, or voice calls.
Who is it recommended for?
We advocate for Site24x7 due to its unparalleled flexibility in monitoring varied network environments, its vast compatibility with devices from numerous vendors, and its intuitive cloud-hosted dashboard that provides real-time traffic insights. The tool’s capability to set thresholds and send immediate alerts in multiple formats adds another layer of security and efficiency to network monitoring.
Pros:
- Allows watching over bandwidth as well as network traffic
- You can extract information from network switches via different communication methods
- Provides stats on traffic patterns for various devices and apps
- Keeps track of data that is being transmitted over a network
- Checks the network’s capacity quality and tracks whether it is allocated properly
Cons:
- Site24x7 offers various features and customization options that may take time to fully understand
Site24x7 is a subscription service with a range of editions. You can try any of them on a 30-day free trial.
5. SolarWinds NetFlow Traffic Analyzer
The SolarWinds NetFlow Traffic Analyzer (NTA) is a network traffic analysis and bandwidth monitoring tool that supports various flow technologies including NetFlow, J-Flow, IPFIX and NetStream.
Key Features:
- For multi-vendor environments
- Path analysis
- VoIP QoS
- Runs on Windows Server
Why do we recommend it?
SolarWinds NTA is perfect for medium to large-sized enterprises that need a comprehensive view of their network’s traffic and bandwidth usage. Companies that run multi-vendor environments and wish to have real-time insights into their network’s performance will find it especially beneficial.
SolarWinds NTA can provide insight into bandwidth usage on a network such as which IP address or application is consuming the most bandwidth at a certain time. It can analyse patterns in traffic over a certain period of time, thereby making it able to perform network traffic forensics.
SolarWinds NTA starts at $1,875 for monitoring 100 elements although a 30-day free trial is available. Another thing to keep in mind is that SolarWinds NTA integrates with SolarWinds Network Performance Monitor (NPM) to perform its function.
This means that you must account for the cost (and requirements) of SolarWinds NPM along with the cost of SolarWinds NTA. SolarWinds NPM is also available for a 30-day free trial and license cost starts at $2,895 for monitoring 100 elements.
Who is it recommended for?
We vouch for SolarWinds NTA for its robust capabilities in tracking bandwidth, analyzing performance across multi-vendor networks, and its seamless integration with SolarWinds NPM, offering an all-inclusive network monitoring solution.
Pros:
- Supports NetFlow, J-Flow, IPFIX, and several other flow technologies
- Generates insights related to a network’s bandwidth utilization
- Analyzes traffic patterns and sends real-time alerts
- Monitors bandwidth, analyzes performance, and manages multi-vendor networks
- Allows tracking performance of the wireless network as well as VMware vSphere
Cons:
- Not a great option for small LANs or home users as it was designed for enterprises that process large data
You can start a 30-day free trial.
6. Noction Flow Analyzer
Noction Flow Analyzer is a network traffic analysis tool that performs live traffic monitoring, live network performance monitoring, and capacity planning analysis.
Key Features:
- Identifies internal and inbound traffic
- Protocol analysis
- Great graphics
Why do we recommend it?
Organizations with multi-vendor environments will find Noction Flow Analyzer especially beneficial. Businesses that rely heavily on understanding BGP traffic routes and need detailed insights into traffic origins, terminations, and potential peering candidates should consider this tool.
The main source of data for this package is the statistics gathered from switches and routers, using communication standards. These are:
- NetFlow
- IPFIX
- NetStream
- J-Flow
- sFlow
The capabilities of the Noction system to use all of these protocols enables it to work with multi-vendor sites and extract data from network equipment provided by various manufacturers, including:
- Netgear
- Juniper Networks
- Cisco Systems
- Hewlett Packard Enterprise
- Brocade
- Extreme Networks
- Dell
- Arista
- Huawei, and others
Moreover, NFA offers a great way to visualize the BGP traffic routing criteria along with traffic volume via its BGP Sankey and BGP Report sections. Extensive filtering capabilities can provide you with a clear picture of the paths your traffic is taking, the countries, regions, or cities your traffic originates and terminates in, traffic volume distribution by different paths, the best potential new peering candidates, and more.
The software for Noction Flow Analyzer installs on Linux (Ubuntu, CentOS, and RHEL).
Who is it recommended for?
We vouch for Noction Flow Analyzer’s extensive compatibility, allowing it to tap into various network devices across manufacturers, ensuring thorough network monitoring. Its advanced visualization features for BGP traffic and the detailed traffic path analysis capabilities it provides are game-changers for those aiming for in-depth network insights. The system’s proactive approach to highlighting congestion and efficiency issues is another major plus.
Pros:
- Discovers the source of network performance issues and promptly fixes them.
- Works with NetFlow data to analyze traffic patterns within a network
- Uses illuminating graphs and charts to show real-time traffic data
- Users can even perform manual historical analysis
- If traffic congestion is found and efficiency suffers, the Noction system can be configured to issue alerts.
Cons:
- Does not work well with the Windows operating system
- Essential to host it on your own site
Official Website: https://www.noction.com/flow-analyzer
Download: Get free access to this package with a free trial: https://nfa.noction.com/register.php
7. Scrutinizer
Rather than being just a NetFlow Analyzer, Scrutinizer is a full Incident Response System that can be used to analyze network traffic and report on security incidents. It can collect and analyze data from different flow types including NetFlow, J-Flow, NetStream and IPFIX. This means that Scrutinizer can be used for Cisco Networking devices and other vendors.
Key Features:
- Incident response
- Security monitoring
- Preventative measures
Why do we recommend it?
Scrutinizer is ideal for businesses that are not only keen on monitoring their network traffic but also want to maintain robust security protocols. Enterprises with larger networks, especially those spanning both physical and virtual environments, will find this tool particularly beneficial.
Scrutinizer can provide visibility into both physical and virtual environments. It also has fast and advanced reporting features, supports multi-tenancy and is very scalable because of its distributed architecture.
There are three (3) deployment options for Scrutinizer: Hardware, Virtual Machine and Software as a Service (SaaS). You can try Scrutinizer for free for 30 days after which the product downgrades to the free version which allows you to collect up to 5 hours of data from unlimited devices before resetting i.e. you lose the historical data and start afresh.
Who is it recommended for?
Scrutinizer comes highly recommended for its prowess in blending network traffic analysis with real-time security incident response. Its versatility in deployment options, coupled with its scalability, ensures it fits well for businesses of varying sizes. Its advanced reporting features, combined with its ability to retain data from diverse flow types, further enhance its appeal.
Pros:
- Analyzes network traffic and updates on security breaches in real-time
- Performs analysis on data collected from different flows
- Provides clarity and visibility into physical as well as virtual environments
- Supports multi-tenancy and advanced reporting features
- Supports multiple deployments and is great for large enterprise networks
Cons:
- The user needs to send a request to the sales team for quotes
- Involves the use of a significant amount of the system’s resources
8. nProbe and ntopng
ntopng is an open-source tool for monitoring network traffic. It works by capturing packets off an interface and analysing them to give useful information such as Top X talkers – hosts and applications consuming the most bandwidth.
Key Features:
- Packet sniffer
- Also collects SNMP data
- Open source
Why do we recommend it?
ntopng and nProbe are most suitable for tech-savvy users familiar with Unix and macOS platforms. Organizations prioritizing anomaly-based intrusion detection and detailed network analytics will find this combination beneficial. Additionally, NGOs and educational institutions can utilize nProbe without incurring licensing costs.
ntopng can connect to nProbe which is a NetFlow/IPFIX collector. In this way, nProbe serves as the flow collector which receives flow records from flow exporters and sends this information to ntopng which analyses the information and presents it in a usable format.
While ntopng has a free version (the community edition), you require a license to use nProbe (unless you are an NGO or educational institution). nProbe comes in two editions: Standard and Pro with Plugins. The Standard version costs 149.95 Euros while the Pro with Plugins costs 299.95 Euros.
Who is it recommended for?
ntopng stands out for its comprehensive packet analysis, especially in its ability to determine top bandwidth consumers. When paired with nProbe, it becomes an even more potent tool, capturing and processing NetFlow and IPFIX data from various network devices. The health monitoring through SNMP data and detailed stats on latencies and TCP traffic make it a compelling option for detailed network insights. However, it might require some technical know-how for optimal setup and usage.
Pros:
- A highly customizable tool that works great for Unix and macOS platforms
- You can even track the health of your devices using the collected SNMP data
- Great for anomaly-based intruder detection
- Uses NetFlow and IPFIX protocols to probe network devices
- Displays stats on latencies and TCP
Cons:
- Non-technical users may find it difficult to understand the tool in the initial stage
- A paywall prevents access to the fully functional edition
Conclusion
In this article, we have discussed NetFlow and other flow-related technologies. We mentioned that the wealth of information provided by these flow technologies can help in several ways including network traffic analysis, performance troubleshooting and bandwidth monitoring.
We then went on to highlight a couple of tools that can be used for collecting and analysing NetFlow records including Scrutinizer, PRTG Network Monitor and ntopng/nProbe. There are other tools that we have not mentioned, like NFDUMP and EHNT, that are free and open source. The reason we did not discuss these other tools is that they are limited to NetFlow, unlike the other tools we discussed that support NetFlow, J-Flow, NetStream and so on.
To conclude, if you are looking for a solution that does strictly NetFlow collection and analysis and has the ability to scale to different platforms and protocols, then we highly recommend SolarWinds NetFlow Traffic Analyzer (with Network Performance Monitor).
If you are more interested in NetFlow analysis as an add-on to a network monitoring solution, then try PRTG Network Monitor or ManageEngine NetFlow Analyzer. If you are interested in scalability and security analysis, then Scrutinizer may be another option for you. Finally, if you want an inexpensive solution with some open-source features, check out ntopng/nProbe.