Networks are a highly critical resource for every organization, so keeping them up and running at all times is an essential prerequisite for organizational productivity and success.
The best way to do this is to monitor the traffic that runs through a network and analyze it to identify any problems or issues, so they can be resolved before they affect end-users.
There are many tools available for monitoring this network traffic, and each of these tools is based on a specific protocol that is used to send and receive information.
Netflow is one such network protocol that was developed by Cisco way back in 1996. Initially, this protocol made it easy for Cisco routers to collect any IP information that enters the network.
Later, this information was analyzed by network administrators to get a better understanding of different aspects such as the source of the traffic, its destination, causes of congestion, potential problems, and more.
Today, Netflow extends beyond Cisco routers and can be included in all routers and switches, so they can collect the necessary information from devices in which this protocol is enabled.
Though many other network protocols have emerged too, Netflow continues to be popular because it puts little strain on the CPU and is particularly adapted for networks with heavy data traffic and bandwidth.
Components of Netflow
A monitoring setup using Netflow protocol requires three components, namely,
- Exporter – Aggregates different network packets and sends them to a collector.
- Collector – Receives and stores data in the form of records
- Analyzer – Analyzes the data to provide the necessary insights.
Out of these, collectors and analyzers form the core part of any Netflow setup.
Netflow Collectors and Analyzers
As the name suggests, a Netflow collector is an application that collects the flows sent by an exporter or directly by the routers. It gathers this information in a specific format called Netflow records. This application is also responsible for:
- Converting binary flows into text and numeric flows for easy readability
- Storing the data in SQL or flat files, depending on the configuration
- Reducing data volume through selective filtering
- Synchronizing different Netflow records and sending the same to the analyzer
Netflow analyzers are the intelligent systems that take the data from collectors and analyze them to give rich insights about the state of the network and the possible problems or vulnerabilities in it.
Since Netflow collectors and analyzers work together, most applications have both these components rolled into one. Let’s take a look at some of the well-known Netflow collectors and analyzers.
- SolarWinds NetFlow Traffic Analyzer
- ManageEngine Netflow Analyzer
- Nagios Network Analyzer
Let’s take a brief look at the features of each of these products, so you can make an informed decision.
SolarWinds NetFlow Traffic Analyzer is a Netflow analyzer and a bandwidth monitoring tool, and it comes with the following features.
- Monitors the use of bandwidth
- Sends alerts when application traffic exceeds a certain threshold.
- Analyzes network traffic
- Comes with a performance analysis dashboard
- Optimizes based on CBQoS policy
- Identifies malicious traffic within the network
- Sends custom reports on traffic patterns
- Works seamlessly with other Orion platform products
This product is priced at $1,945, and a fully functional 30-day free trial is available.
PRTG NetFlow Analyzer
PRTG NetFlow Analyzer provides a holistic view of your network and contains the below-mentioned features.
- Monitors many different metrics such as bandwidth use, server, traffic patterns, and more.
- Uses an intelligent auto-discovery feature to identify new devices and to include them in the Netflow monitoring setup.
- Saves and processes flows.
- Supports all Netflow versions
- Available in more than 10 languages
- Quickly identifies bandwidth hogs and load peaks, and reports the same to administrators.
- Optimizes your network, so no specific action like backup can take all the bandwidth.
PRTG uses a sensor-based pricing option, where you pay for the number of sensors you use. Each sensor monitors a specific aspect of the network like CPU usage, bandwidth, and so on.
The first 100 sensors are free; beyond that, you pay:
- $1,600 for 500 sensors
- $2,850 for 1000 sensors
- $5,950 for 2500 sensors
- $10,500 for 1000 sensors
- $14,500 for unlimited sensors on one installation
- $60,000 for unlimited sensors on five installations.
ManageEngine Netflow Analyzer
ManageEngine’s Netflow Analyzer is a comprehensive analyzer that analyzes every aspect of the traffic and provides in-depth insights on the same. Some of its salient features include,
- Allocates enough bandwidth needed for business-critical applications.
- Monitors how a network’s bandwidth is used and makes appropriate recommendations.
- Provides real-time visibility into different types of network traffic.
- Creates consolidated and custom reports to suit different purposes.
- Monitors bandwidth based on specific departments/applications
- Provides site-to-site traffic patterns on your network.
- Comes with a customizable dashboard
- Helps with capacity planning, security analytics, network configuration management, and more.
- Sends alerts when thresholds are violated within the network.
nProbe from ntop is an extensible network probe for both IPv4 and IPv6 environments. Some of its important features are:
- Provides visibility into more than 250 apps that run on layer 7 of the OSI model.
- Uses less than 2MB of memory and is designed for running on environments with low resources.
- Natively exports flows to Kafka, Apache, Syslog, and other platforms.
- Supports the creation of custom Netflow templates.
- Operates on Gbit networks at full speeds.
- Fully configurable
The price ranges from 49.95 Euros to 499.95 Euros, depending on your needs. You can also test drive it here.
Scrutinizer from Plixer is an advanced Netflow collector and analytics tool that comes with the following features.
- Gives you the flexibility to set up custom thresholds for different interfaces.
- Provides detailed information about anomalous traffic patterns to help identify risks and attacks quickly.
- Ranks machines based on their activities, to make it easy to identify malicious hosts.
- Comes with automated DNS resolution to reduce the rendering times of reports
- Delivers contextual forensics and advanced security analytics.
- Allows full data archiving with no limits whatsoever.
Nagios Network Analyzer
Nagios Network Analyzer is a monitoring and bandwidth utilization software that offers the following features.
- Provides detailed information in a visually-appealing way through its comprehensive dashboard
- Alerts users of suspicious activities on the network
- Provides quick and in-depth insights into network traffic, bandwidth, and overall network health.
- Helps to monitor the network usage of specific applications.
- Keeps track of different Netflow subsets along with historical data.
Nagios Network Analyzer is priced at $1,995 and you can try a free version here.
To conclude, Netflow is a popular protocol for collecting information about a network and analyzing the same to get deep insights into how the network is used and the different applications and users that consume its bandwidth. Based on this information, appropriate policies can be enforced and the existing network resources can be streamlined for maximum efficiency and productivity.
There are many collectors and analyzers available today and we hope the ones presented above will give you an idea about the available options so you can make informed choices.