Menu
01101110 01100101 01110100 01110111 01101111 01110010 01101011 01100001 01100100 01101101 01101001 01101110 01110100 01101111 01101111 01101100 01110011 00001101 00001010

Background

Manage Engine

Our readers provide the funding for our platform, and we may receive a commission when you make a purchase using the links on our site.

The Best Netflow Analyzers and Collectors for Monitoring in Real-Time

NetFlow is a protocol developed by Cisco used to collect information about traffic flowing through devices on a network. The type of information collected from IP traffic by NetFlow to determine a flow include:

  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Layer 3 protocol
  • Class of Service
  • Ingress Interface

By collecting this information and analyzing it, a lot of insight can be gained about the network and used for several purposes including bandwidth monitoring, network performance troubleshooting and anomaly detection.

Here is our list of the top NetFlow Analyzers & Collectors:

  1. Auvik – EDITOR’S CHOICE This SaaS cloud platform provides both network device monitoring and network traffic analysis. Use the network inventory and map in conjunction with flow protocol data to identify bottlenecks and fault devices so that you can keep network performance at its peak. Get a 14-day free trial.
  2. SolarWinds NetFlow Traffic Analyzer – FREE TRIAL A bandwidth monitoring and management package that also covers virtual switches. Installs on Windows Server. Register for a 30-day free trial.
  3. ManageEngine NetFlow Analyzer – FREE TRIAL Tracks traffic volumes live and includes capacity planning tools. Available for Windows Server and Linux. Get a 30-day free trial.
  4. Site24x7 Network Traffic Monitoring – FREE TRIAL A network monitoring service that is part of a wider system monitoring service that is delivered from the cloud. Start a 30-day free trial.
  5. PRTG Network Monitor – FREE TRIAL A bundle of infrastructure monitoring tool that includes traffic monitoring. Installs on Windows Server. Download a 30-day free trial.
  6. Noction Flow Analyzer This monitoring tool uses NetFlow and other traffic statistics gathering protocols to generate an information pool about network activity and bandwidth usage in a multi-vendor site. Runs on Linux.
  7. Plixer Scrutinizer A traffic analyzer that can be used for security investigations. Installs as a virtual machine or can be taken as a cloud service.
  8. nProbe and ntopng A traffic analysis combination with a browser-based interface. nProbe runs on Linux and Windows and ntopng is available for Windows, Linux, macOS, RaspbianOS, and FreeBSD.

    NetFlow Components

    When NetFlow is implemented on a network, there are usually two major components: Flow Exporter and Flow Collector. The Flow Exporter captures flow information to be sent to a collector. This exporter is usually configured on a device such as a router or a switch and in some cases, there may be multiple exporters for different flows. On the other hand, the Flow Collector receives flow records from the exporter, processes them and can analyze this information to be presented to users in sensible form.

    Note: In some instances, the Flow Collector does not do the actual analysis of the flow records. Instead, the Flow Collector just receives the flow records and another application does this analysis.

    NetFlow and Counterparts

    It is important to point out at this point that even though NetFlow was developed by Cisco, it is supported by other vendors. At the same time, other vendors also have their own versions of NetFlow including J-Flow for Juniper and NetStream for Huawei. Moreover, there is also an IETF protocol for transmitting IP flow information across a network – IP Flow Information Export (IPFIX) – which is based on Cisco’s NetFlow version 9.

    Note: There are several versions of NetFlow (from version 1 to 9), some of which have become obsolete. NetFlow version 5, 7 and 9 are the commonly used versions.

    The top NetFlow Analyzers & Collectors

    Our methodology for selecting the NetFlow analyzers and collectors 

    • Check if it can collect and summarize passing packets
    • Does it support communication with sFlow, J-Flow, NetFlow, and other packet capture systems
    • Does it send alerts on reaching the bandwidth capacity threshold limit?
    • Can you generate live stats reports with illuminating graphs and charts?
    • Does it offer tools for capacity planning and bottleneck investigation?

    As we mentioned earlier in this article, there are Flow Collectors that receive flow records from exporters and analyze these records to produce sensible information. We will be highlighting some of these below in more detail.

    1. Auvik – FREE TRIAL

    Auvik Geolocation

    Auvik is a SaaS platform that is based in the cloud but links to your network through the installation of an agent. This tool operates SNMP processes to discover the network and track device statuses. It also uses flow protocols to extract traffic statistics for analysis.

    Key Features:

    • Autodiscovery
    • Network inventory
    • Network diagram
    • Traffic analysis
    • Path tracing

    The traffic analysis module on the Auvik platform is called TrafficInsights. It can communicate with switches and routers by using NetFlow v5, NetFlow v9, IPFIX, sFlow, and J-Flow. This gives the tool compatibility with the devices produced by most network system manufacturers in the world and enables it to manage multi-vendor networks.

    Auvik is packaged in two editions: Essentials and Performance. Both plans provide network discovery and mapping plus live device status monitoring with SNMP. However, only the higher plan includes the TrafficInsights module.

    Pros:

    • NetFlow, IPFIX, sFlow, and J-Flow
    • Consolidates the monitoring of multiple networks
    • Network configuration management
    • Syslog collection and management
    • Web-based dashboard

    Cons:

    • Doesn’t have NetStream capabilities

    You can examine the Auvik system with a 14-day free trial.

    EDITOR'S CHOICE

    Auvik is our top pick for a NetFlow analyzer and collector for monitoring in real time because has the ability to communicate with switches and routing through the NetFlow v5, NetFlow v9, IPFIX, J-Flow, and sFlow protocols. Traffic analysis is available in the higher edition of Auvik, which is called Performance. The system also provides SNMP-based device monitoring and using these two systems together will help you identify which device on your system is causing problems with traffic throughput rates.

    Download: Get a 14-day FREE Trial

    Official Site: https://www.auvik.com/lp/network-traffic-analysis/

    OS: Cloud-based

    2. SolarWinds NetFlow Traffic Analyzer – FREE TRIAL

    solarwinds

    The SolarWinds NetFlow Traffic Analyzer (NTA) is a network traffic analysis and bandwidth monitoring tool that supports various flow technologies including NetFlow, J-Flow, IPFIX and NetStream.

    Key Features:

    • For multi-vendor environments
    • Path analysis
    • VoIP QoS
    • Runs on Windows Server

    SolarWinds NTA can provide insight into bandwidth usage on a network such as which IP address or application is consuming the most bandwidth at a certain time. It can analyse patterns in traffic over a certain period of time, thereby making it able to perform network traffic forensics.

    SolarWinds NTA starts at $1,875 for monitoring 100 elements although a 30-day free trial is available. Another thing to keep in mind is that SolarWinds NTA integrates with SolarWinds Network Performance Monitor (NPM) to perform its function.

    This means that you must account for the cost (and requirements) of SolarWinds NPM along with the cost of SolarWinds NTA. SolarWinds NPM is also available for a 30-day free trial and license cost starts at $2,895 for monitoring 100 elements.

    Pros:

    • Supports NetFlow, J-Flow, IPFIX, and several other flow technologies
    • Generates insights related to a network’s bandwidth utilization
    • Analyzes traffic patterns and sends real-time alerts
    • Monitors bandwidth, analyzes performance, and manages multi-vendor networks
    • Allows tracking performance of the wireless network as well as VMware vSphere

    Cons:

    • Not a great option for small LANs or home users as it was designed for enterprises that process large data

    You can start a 30-day free trial.

    SolarWinds NetFlow Traffic Analyzer Download a 30-day FREE Trial

    3. ManageEngine NetFlow Analyzer – FREE TRIAL

    manageengine

    ManageEngine has a similar offering of a NetFlow collector and analyzer as the other solutions we have previously discussed. Their NetFlow Analyzer also supports multiple flow technologies such as NetFlow, J-Flow and NetStream and is targeted at network traffic analysis and bandwidth monitoring.

    Key Features:

    • Traffic analysis
    • Monitors network changes
    • Security monitoring

    ManageEngine NetFlow Analyzer packs some interesting features such as customizable dashboards, an iPhone app for anytime, anywhere monitoring and the ability to report on Cisco Medianet and Cisco WAAS.

    Pros:

    • Offers visibility into network bandwidth performance in real-time
    • Analyzes network traffic and its patterns
    • Generates one-minute granularity and custom search reports on bandwidth usage, Cisco Medianet, and Cisco WAAS
    • Users can set custom alerts depending on traffic thresholds
    • The intuitive interface helps identify bandwidth hogs and other abnormal network traffic instantly

    Cons:

    • Not a suitable option for small home networks

    ManageEngine offers an online demo of their NetFlow Analyzer which is good because you can try it out before deciding whether to download or buy. The NetFlow Analyzer comes in two editions: Essential and Distributed. Both editions can be tried for free for 30 days. The minimum license price is $495 for monitoring 10 interfaces on the Essential edition. There is also a free edition that can be used to monitor 2 interfaces without the need for any license.

    ManageEngine NetFlow Analyzer Download the 30-day FREE Trial

    4. Site24x7 Network Traffic Monitoring – FREE TRIAL

    Site24x7 sFlow Dashboard

    Site24x7 Network Traffic Monitoring is part of a system monitoring service. This cloud-based service is offered in a series of packages that emphasize the supervision of different aspects of IT systems. The packages are designed to focus on websites, infrastructure, and applications. Although each of these packages have specific focus, they all include network monitoring. Site24x7 offers both network performance monitoring and bandwidth monitoring.

    Key Features:

    • Full stack package
    • Cloud based
    • Suitable for SMBs

    Site24x7 network monitoring deploys a range of communication protocols in order to extract data from network switches. The service is able to contact the devices of more than 200 vendors. Many manufacturers, such as Cisco systems and juniper Networks have created their own languages for traffic data querying. The Site24x7 system can communicate with NetFlow, IPFIX, J-Flow, sFlow, NetStream, CFlow, and AppFlow.

    This monitoring tool is able to unify the monitoring of networks on different sites, on the cloud, and traveling through switches from different providers, using different communication protocols. This is a very flexible network traffic monitor.

    This service shows live traffic volumes on its dashboard, which is hosted in the cloud and accessed through a Web browser. All of the processing power for the monitor is also resident in the cloud. An agent module on the monitored network collects data and uploads it to the Site24x7 server over an encrypted link.

    This service also includes the ability to set thresholds, which trigger alerts. Those alerts can be sent out to key personnel as emails, SMS messages, or voice calls.

    Pros:

    • Allows watching over bandwidth as well as network traffic
    • You can extract information from network switches via different communication methods
    • Provides stats on traffic patterns for various devices and apps
    • Keep a track of data that is being transmitted over a network
    • Check the network’s capacity quality and track if it is allocated properly.

    Cons:

    • Site24x7 offers various features and customization options that may take time to fully understand

    Site24x7 is a subscription service with a range of editions. You can try any of them on a 30-day free trial.

    Site24x7 Access the 30-day FREE Trial

    5. PRTG Network Monitor – FREE TRIAL

    prtg

    Paessler PRTG Network Monitor is an all-in-one network monitoring solution which includes performance monitoring, bandwidth monitoring, server and application monitoring and so on. The benefit of this is that NetFlow monitoring is enabled by default in the tool – there is no add-on or upgrade required. PRTG Network Monitor can analyze various NetFlow versions (v5, v9), the industry standard (Internet Protocol Flow Information Export (IPFIX)), and other flow-based technologies such as sFlow and J-Flow.

    Key Features:

    • Customizable package
    • Device and traffic monitoring
    • Path analysis

    One of the uses of the NetFlow monitoring available from PRTG Network Monitor is analysis of bandwidth usage. For example, you can determine the amount of bandwidth being used by different hosts, protocols and applications. This can be very helpful in network performance troubleshooting.

    In the PRTG NetFlow setup, the Flow collector is different from the analysis software. The Flow collector is just any computer that receives flow reports from the exporters and has a PRTG probe installed on it. The analysis software is PRTG Network Monitor where the flow collector (the system with the PRTG probe) is setup as a sensor.

    Pros:

    • No upgrade or add-on is necessary as NetFlow monitoring is available by default
    • The bandwidth usage of various hosts, protocols, and apps can be ascertained
    • Helps troubleshoot network performance
    • Users can save and process flows using the PRTG NetFlow Analyzer
    • Allows tracking and performing analysis on all vital Flow protocols

    Cons:

    • It is a detailed solution, as a result, may take time to fully understand all of its features

    PRTG Network Monitor is available in two editions: Freeware and Commercial. The Freeware edition is a fully functional PRTG Network Monitor that allows you to monitor up to 100 sensors. If you would like to monitor more than 100 sensors, you will need a Commercial license that starts at $1600 for monitoring 500 sensors. You can start with either version on a 30-day free trial.

    Paessler PRTG Start a 30-day FREE Trial

    6. Noction Flow Analyzer

    Noction Flow Analyzer Dashboard

    Noction Flow Analyzer is a network traffic analysis tool that performs live traffic monitoring, live network performance monitoring, and capacity planning analysis.

    Key Features:

    • Identifies internal and inbound traffic
    • Protocol analysis
    • Great graphics

    The main source of data for this package is the statistics gathered from switches and routers, using communication standards. These are:

    • NetFlow
    • IPFIX
    • NetStream
    • J-Flow
    • sFlow

    The capabilities of the Noction system to use all of these protocols enables it to work with multi-vendor sites and extract data from network equipment provided by various manufacturers, including:

    • Netgear
    • Juniper Networks
    • Cisco Systems
    • Hewlett Packard Enterprise
    • Brocade
    • Extreme Networks
    • Dell
    • Arista
    • Huawei, and others

    Moreover, NFA offers a great way to visualize the BGP traffic routing criteria along with traffic volume via its BGP Sankey and BGP Report sections. Extensive filtering capabilities can provide you with a clear picture of the paths your traffic is taking, the countries, regions, or cities your traffic originates and terminates in, traffic volume distribution by different paths, the best potential new peering candidates, and more.

    The software for Noction Flow Analyzer installs on Linux (Ubuntu, CentOS, and RHEL).

    Pros:

    • Discovers the source of network performance issues and promptly fixes them.
    • Works with NetFlow data to analyze traffic patterns within a network
    • Uses illuminating graphs and charts to show real-time traffic data
    • Users can even perform manual historical analysis
    • If traffic congestion is found and efficiency suffers, the Noction system can be configured to issue alerts.

    Cons:

    • Not works well with Windows operating system
    • Essential to host it on your own site

    Official Website: https://www.noction.com/flow-analyzer

    Download: Get free access to this package with a free trial: https://nfa.noction.com/register.php

    7. Scrutinizer

    plixer

    Rather than being just a NetFlow Analyzer, Scrutinizer is a full Incident Response System that can be used to analyze network traffic and report on security incidents. It can collect and analyze data from different flow types including NetFlow, J-Flow, NetStream and IPFIX. This means that Scrutinizer can be used for Cisco Networking devices and other vendors.

    Key Features:

    • Incident response
    • Security monitoring
    • Preventative measures

    Scrutinizer can provide visibility into both physical and virtual environments. It also has fast and advanced reporting features, supports multi-tenancy and is very scalable because of its distributed architecture.

    There are three (3) deployment options for Scrutinizer: Hardware, Virtual Machine and Software as a Service (SaaS). You can try Scrutinizer for free for 30 days after which the product downgrades to the free version which allows you to collect up to 5 hours of data from unlimited devices before resetting i.e. you lose the historical data and start afresh.

    Pros:

    • Analyzes network traffic and updates on security breaches in real-time
    • Performs analysis on data collected from different flows
    • Provides clarity and visibility into physical as well as virtual environments
    • Supports multi-tenancy and advanced reporting features
    • Supports multiple deployments and is great for large enterprise networks

    Cons:

    • The user needs to send request to the sales team for quotes
    • Involves the use of a significant amount of the system’s resources

    8. nProbe and ntopng

    ntop

    ntopng is an open-source tool for monitoring network traffic. It works by capturing packets off an interface and analysing it to give useful information such as Top X talkers – hosts and applications consuming the most bandwidth.

    Key Features:

    • Packet sniffer
    • Also collects SNMP data
    • Open source

    ntopng can connect to nProbe which is a NetFlow/IPFIX collector. In this way, nProbe serves as the flow collector which receives flow records from flow exporters and sends this information to ntopng which analyses the information and presents it in a usable format.

    While ntopng has a free version (the community edition), you require a license to use nProbe (except you are an NGO or education institution). nProbe comes in two editions: Standard and Pro with Plugins. The Standard version costs 149.95 Euros while the Pro with Plugins costs 299.95 Euros.

    Pros:

    • A highly customizable tool that works great for Unix and macOS platforms
    • You can even track the health of your devices using the collected SNMP data
    • Great for anomaly-based intruder detection
    • Uses NetFlow and IPFIX protocols to probe network devices
    • Displays stats on latencies and TCP

    Cons:

    • Non-technical users may find it difficult to understand the tool in the initial stage
    • A paywall prevents access to the fully functional edition

    Conclusion

    In this article, we have discussed NetFlow and other flow-related technologies. We mentioned that the wealth of information provided by these flow technologies can help in several ways including network traffic analysis, performance troubleshooting and bandwidth monitoring.

    We then went on to highlight a couple of tools that can be used for collecting and analysing NetFlow records including Scrutinizer, PRTG Network Monitor and ntopng/nProbe. There are other tools that we have not mentioned like NFDUMP and EHNT that are free and open source. The reason we did not discuss these other tools is because they are limited to NetFlow unlike the other tools we discussed that support NetFlow, J-Flow, NetStream and so on.

    To conclude, if you are looking for a solution that does strictly NetFlow collection and analysis and has the ability to scale to different platforms and protocols, then we highly recommend SolarWinds NetFlow Traffic Analyzer (with Network Performance Monitor).

    If you are more interested in NetFlow analysis as an add-on to a network monitoring solution, then try PRTG Network Monitor or ManageEngine NetFlow Analyzer. If you are interested in scalability and security analysis, then Scrutinizer may be another option for you. Finally, if you want an inexpensive solution with some open-source features, check out ntopng/nProbe.

    Information

    About