When it comes to managing a network, it’s important to have the right equipment and software that will give you the visibility you need to ensure everything is running smoothly. Unlike road traffic where slowdowns and obstructions can easily be pinpointed, network traffic is not something that’s easy to see. This is where tools like NetFlow can come to your aid. Today, we’re reviewing the best NetFlow collectors and analyzers for Windows.
We’ll begin our journey by discussing the different methods network administrators can use to monitor their network and locate–and fix–issues before they become real problems. Then, we’ll explain what NetFlow is, how it works and what’s needed to exploit it. And while we’re there, we’ll also discuss some NetFlow alternatives that might be of interest. We will then dive into the core of the matter and introduce the five best NetFlow collectors and analyzers available for Windows. Some products are available for free, others require a purchase or a subscription.
About Monitoring Networks
As a network administrator, one of your responsibilities is to make sure everything is running smoothly, that there are no slowdowns and that all network traffic gets to its destination within an acceptable time. Unfortunately, what happens on a network happens inside cables, routers, switches and other equipment where it is typically very hard to see what’s going on. This is where the concept of network monitoring comes from. Using different tools, administrators can gain some visibility on what’s going on inside the network.
There are several tools admins can use to monitor their network. The most basic tools are command-line diagnostic tools. You probably know them and are using them constantly. Ping, for instance, allows you to validate that a given IP address can be reached and provides some statistics on round-trip delays and packet loss. Tracert–or traceroute, depending on your OS–will trace the complete network path between two devices. Nmap will list all the devices that are present on a specific subnet.
Packet Capture And Analysis Tools
Next are network monitoring tools that will let you capture traffic passing through a specific location and that will let you decode the packets and analyze them. They can be very useful when trying to solve application layer issues but they often won’t give you much information on the actual performance of your network. One such tool that has become very common is called Wireshark. Tcpdump is another similar tool that uses a command-line interface rather than a GUI.
Flow Analysis Software
For the most precise view of what’s going on, flow analysis is what you need. It relies on networking devices to send traffic information to systems called collectors and/or analyzers which can, in turn, interpret flow data and present it in meaningful ways. The protocol that permits this is called NetFlow. It was created by Cisco Systems several years ago but it is now commonly used in one form or another on networking equipment from most major manufacturers.
What Is NetFlow?
NetFlow was developed by Cisco Systems and was introduced on their routers to provide the ability to collect IP network traffic as it enters or exits an interface. The collected data is then analyzed by network administrators to help determine the source and destination of traffic, the class of service, and the causes of congestion.
A typical NetFlow monitoring setup consists of three main components:
- The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors.
- The flow collector is responsible for reception, storage and pre-processing of flow data received from a flow exporter.
- Finally, the analysis application is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting.
How NetFlow Works
Routers, switches and any other device that supports NetFlow can be configured to output flow data in the form of flow records and send them to a NetFlow collector. A flow is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through aging–there has not been any traffic within a specific timeout–or when it sees a TCP session termination.
The flow record contains a lot of information about the flow. It includes the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow. They only contain information about the flow. This is important from a security standpoint.
Except in huge multi-site environments, the flow collectors where the records are sent are often also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators. Different NetFlow collectors and analyzers will have different ways of presenting data. This is where our list of the best NetFlow collectors and analyzers will come in handy.
Some NetFlow Alternatives
As we’ve already hinted, NetFlow exists under several different names. But there are also alternatives to NetFlow; the two best-known are sFlow and IPFIX. The latter is heavily based on the latest version of NetFlow except that it is an IETF standard. We’re free to think that Cisco might even eventually replace NetFlow with IPFIX.
As for sFlow, it is a different, competing system. Its goal and general principles of operation are similar but not identical. Some NetFlow analyzers will also work with sFlow but, generally speaking, users of one don’t use the other.
Best NetFlow Collectors and Traffic Analyzers
We’ve searched the market for the best NetFlow collectors and analyzers for Windows. Why Windows? Mainly for two reasons. First, it is the most-used operating system and probably the one most network administrators are already familiar with. Secondly, the best NetFlow collectors and analyzers are for Windows. It only made sense, then, that we focus on that operating system.
So, here are the five best products we could find, in order of preference with our favorite at the top of the list. We’ll try to give you as much information about each to allow you to choose the package that best matches your needs.
1- SolarWinds Real-time NetFlow Analyzer (FREE TRIAL)
If you’re a network administrator and you’ve never heard of SolarWinds, it’s about time you discover the company. SolarWinds makes some of the best software for network and system administration. And their Real-time NetFlow Traffic Analyzer is simply the very best NetFlow collector and analyzer you can find.
- FREE TRIAL: SolarWinds Real-Time NetFlow Analyzer
- Download Link: https://www.solarwinds.com/free-tools/real-time-netflow-analyzer/
Here are some of the product’s best features.
- The SolarWinds NetFlow Traffic Analyzer can monitor bandwidth use by application, protocol, and IP address group.
- It can monitor Cisco NetFlow, Juniper J-Flow, sFlow, Huawei NetStream, and IPFIX flow data to identify which applications and protocols are the top bandwidth consumers.
- It collects traffic data, correlates it into a usable format, and presents it to the user in a web-based interface for monitoring network traffic.
- It identifies which applications and categories consume the most bandwidth for better network traffic visibility with Cisco NBAR2 support.
The product will set you back a few thousand dollars but it is well worth the investment. It integrates into the SolarWinds Network Performance Monitor and, as such, also needs that product to be purchased. But if you want to try it before you buy it, you can download a fully functional 30-day evaluation version.
But SolarWinds is not only famous for making the best network administration software, they also make some of the best free tools out there. And if you need a smaller-scale solution their free Real-Time NetFlow Analyzer might be just what you need. The tool is completely free and can be downloaded from here.
Although not quite as complete as the full-fledged NetFlow Traffic Analyzer, the Free Real-Time NetFlow Analyzer gives you the same basic functionality.
It can capture and analyze Appflow, NetFlow, JFlow, and sFlow data in real time. And it will show you exactly the types of traffic on your network, where it’s coming from, and where it’s going to. You can also use it to diagnose traffic spikes and troubleshoot bandwidth issues.
Here are the product’s primary features:
- Identify which users, devices, and applications are consuming the most bandwidth
- Isolate network traffic by conversation, app, domain, endpoint, and protocol
- View network traffic by type and specified time periods
This free software has some limitations when compared to its bigger brother. Its primary focus is the current and recent state of your network. It can only collect data from one NetFlow interface and will only keep and analyze the last 60 minutes of data.
The tool, like most other SolarWinds tools, installs easily via a standard Windows setup wizard. The installation also includes a NetFlow Configurator, which will help you configure devices that support various NetFlow variants.
If your networking equipment supports NetFlow and you need a quick and dirty view on your bandwidth usage, the SolarWinds free Real-Time App Flow Analyzer.
As its name implies, PRTG from Paessler is an all-in-one solution whose primary purpose is monitoring bandwidth utilization. It’s also used to monitor availability and health of different network resources. As such, it’s another very useful tool for network administrators. PRTG can monitor multiple sites and it can monitor LAN, WAN, VPN and Cloud Services.
PRTG is not just a NetFlow collector and analyzer. In fact, it uses several technologies to monitor systems, devices, traffic, and applications. It primarily uses:
- SNMP with ready to use and custom options
- WMI and Windows Performance Counters
- SSH for Linux/Unix and MacOS systems
- Flows (like NetFlow or sFlow) and Packet Sniffing
- HTTP requests
- REST APIs returning XML or JSON
- Ping, SQL and many more
PRTG comes in two versions. There’s a free version that is limited to 100 sensors. You need to be aware that a sensor is not a device. It is, instead, the most basic element that can be monitored. For example, to monitor each port of a 48-port switch, you’ll need 48 sensors. For NetFlow, you’ll need one sensor per flow source.
If you need more than 100 sensors, you’ll need to purchase a license. They are available in quantities of 500, 1000, 2500, or 5000 sensors and there’s also an unlimited license. Prices vary from around $1 600 to just under $15 000. Note that the free version will allow unlimited sensors for the first 30 days so you can thoroughly test-drive the product.
Installing PRTG is easy. After you’ve run the installer, the auto-discovery process will discover devices and set up sensors. And if that isn’t enough, you can add sensors–such as NetFlow collectors–manually. There’s even a detailed video that will show you how it’s done.
The server runs on Windows only but the user interface is web-based and can be accessed from any browser. There’s also a mobile app that you can install on your smartphone. And to accompany the mobile app, PRTG has a unique feature in the form of QR labels that you can print and affix on your devices. Then, it’s a simple matter of scanning the code from the mobile app to quickly view the device’s sensor data.
Scrutinizer from Plixer is another great NetFlow Analyzer. In fact, it’s even more than that and many view it as a full incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, and IPFIX, you’re not limited to monitoring only Cisco devices.
With its hierarchical design, Scrutinizer offers streamlined and efficient data collection and allows you to start small and easily scale way up to many million flows per second. The network is often first blamed whenever something goes wrong. With Scrutinizer, you can quickly find the real cause of almost any network issue. Scrutinizer works in both physical and virtual environments and comes with advanced reporting features.
Scrutinizer comes in four license tiers that go from the basic free version to the full-fledged SCR level which can scale up to over 10 million flows per second. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any license tier for 30 days after which it will revert back to the free version.
The ManageEngine NetFlow Analyzer gives the network administrator a detailed view of network bandwidth utilization as well as traffic patterns. The product is controlled by a web-based interface and offers an impressive number of different views on your network.
You can, for instance, view traffic by application, by conversation, by protocol, and several more options. You can also set alerts to warn you of potential issues. For example, you can set a traffic threshold on a specific interface and be alerted whenever traffic exceeds it.
But most of the strength of the product comes from its reports and dashboard. The tool comes with several very useful pre-built reports that are specifically tailored for specific purposes such as troubleshooting, capacity planning or billing. But you’re not stuck with built-in reports as the tool also allows administrators to create custom reports to their liking.
As for the tool’s dashboard we mentioned, it is just as impressive as its reports. It includes several pie charts with things such as top applications, top protocols or top conversations. It can also display a heat map with the status of the monitored interfaces. And as you might have guessed, dashboards can be customized to include only the information you find useful. The dashboard is also where alerts are displayed in the form of pop-ups. And for the on-the-go network administrator, there’s a smartphone app that will let you access the dashboard and reports.
The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow (of course), IPFIX, J-flow, NetStream and a few others. As a bonus, the tool has excellent integration with Cisco devices, with support for adjusting traffic shaping and/or QoS policies right from the tool.
Like many competing products, the ManageEngine NetFlow Analyzer comes in two versions. The free version will be identical to the paid one for the first 30 days but it will then revert to monitoring only two interfaces or flows. While this is not much, it could be all that you need.
If you want the paid version, licenses are available in several sizes from 100 to 2500 interfaces or flows with prices ranging from about $600 to over $50K plus annual maintenance fees.
nProbe and ntopng are somewhat more advanced–and more complicated–open-source tools. Ntopng is a web-based traffic analysis tool for monitoring networks based on flow data while nProbe is a NetFlow and IPFIX exporter and collector. Together, they make for a very flexible analysis package. If you’ve administered Linux networks before, you might be familiar with ntop. ntopng is the next-generation GUI version of this ageless tool.
There’s a free community version of ntopng and you can also purchase enterprise versions. They can be expensive but they are free to educational and non-profit organizations. As for nProbe, you can try it for free but it is limited to a total of 25 000 exported flows. To go beyond that, you’ll need to purchase a license.
Like most modern network analysis tools, ntopng features a web-based user interface which can present data by traffic, such as top talkers, flows, hosts, devices, and interfaces. It has a mix of charts, tables, and graphs, most featuring drill-down options that let you explore in greater depth. The interface is quite flexible and allows for a lot of customization.
For the very best NetFlow collector and analyzer, you can’t go wrong with one of the SolarWinds offerings. The company consistently releases some of the best paid and free tools for network management. Their paid software is reasonably priced–especially when considering the features–and their free tools are among the best.
The other four products we’ve just introduced are also great options. They may not be as full-featured or they may require a bit more work to set them up but any of them will do its job and do it well. And since they all offer some form of free trial, there’s no reason not to try them.