Network analysis, or the process of “looking” at network traffic and trying to understand it, is a complex endeavour. It is, however, a very useful process as it can provide precious assistance when troubleshooting various networking issues. It is also one of the best tools for capacity planning. But let’s face it, it is something that is best left to computers to handle. This is why we’re about to review some of the best network analysis tools. Our hope is that our reviews of the top products can help you compare what is available and select the product—or products—that best match your specific needs.
We’ll begin our journey by having a deeper look at network analysis, exploring what it is and how it’s done. Then, we’ll explain the differences between the two main types of analysis, quantitative (i.e. bandwidth analysis) and qualitative (i.e. flow analysis). Our next order of business will be a short explanation of the Simple Network Management Protocol as it is the most-used technology for bandwidth analysis followed by a similar exploration of the NetFlow technology, the most common flow analysis method. We’ll finish with the best, our brief reviews of the best bandwidth analysis and the best flow analysis tools.
About Network Analysis
Network traffic is often compared to road traffic where network circuits can be thought of as highways and the data packets they transport are compared to the vehicles travelling along them. But while automobile traffic is visible and any problem or congestion is readily observable, seeing what’s going on within a network can be a bit more complex. Network traffic is hidden within networking devices, copper cables or glass fibres and it travels at the speed of light; way too fast for anyone to see it.
To effectively analyze network traffic, specialized tools must be used. Some can poll devices to get their interfaces’ traffic figures and to show you how much data travels through them. Other tools, as we’re about to find out, use a different approach to get details about individual data flows and build reports that not only show how much data goes by but also what that data is, where it’s coming from and where it’s going to.
Quantitative vs Qualitative Analysis
Network bandwidth analysis is the most basic type of network analysis. Specialized analysis tools can measure how much data is transported on each router interface. They typically rely on the Simple Network Management Protocol or SNMP to poll routers, read their interface counters and compute the amount of traffic going through their interfaces. They can use the computed data to build graphs depicting the evolution of the monitored parameters over time. They will often let you zoom in to a shorter time span where graph resolution is high and can, for instance, display 5-minute average traffic or zoom out to a longer time span–a month or even a year–where it displays daily or weekly averages.
Another type of network analysis is called flow analysis. It can give you many more details about the data passing through your network. Flow analysis tools don’t just tell you how much traffic is going by, they give you qualitative information about that traffic. They rely on software that’s built right into your networking devices to send them detailed usage data. Using these tools will provide details such as the top talkers and listeners, the network usage by source or destination address, the network usage by protocol or by application and several other useful pieces of information about what is going on.
A few flow analysis technologies exist but Cisco’s NetFlow is the most common of them. It is, of course, present on most Cisco devices and it is also present—sometimes under a different name—on equipment from other vendors, such as J-flow on Juniper devices or NetStream on HP and Huawei equipment. There’s even an IETF standard protocol called IPFIX which is based on the latest version of NetFlow. Typical flow analysis tools support several—if not all—flow analysis technologies.
SNMP In A Nutshell
The Simple Network Management Protocol (SNMP) is the most widely used network bandwidth analysis technology. SNMP-enabled network devices “publish” a certain number of parameters. Some are configuration parameters that can be modified while others are read-only counters and gauges, used primarily for analysis purposes. There are, for example, CPU and memory usage gauges as well as interface traffic and error counters available via SNMP.
For bandwidth analysis, the process is a tad more complex than remotely reading gauges. Two counters called bytes in and bytes out (each interface has them) are read by the monitoring tool at precisely timed intervals. Every 5 minutes is a typical interval. The monitoring tool then subtracts the previous value of the counter from the current one to get the number of bytes transferred in five minutes. It multiplies that number by 8 to get the number of bits in five minutes. Finally, it just divides the last result by 300 (the number of seconds in five minutes) to get the average 5-minute bandwidth in bits per second.
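The calculation described above, as an added Python example that is not taken from any of the reviewed tools. It goes one step beyond the text by handling a counter that rolls over between two polls; the function names and the sample readings are this example's own, and the counter widths are those of the standard IF-MIB objects (ifInOctets and ifOutOctets are 32-bit, ifHCInOctets and ifHCOutOctets are 64-bit).

```python
# Added example: average bandwidth from SNMP octet-counter samples.
COUNTER32 = 2 ** 32  # modulus of ifInOctets / ifOutOctets (IF-MIB, 32-bit)
COUNTER64 = 2 ** 64  # modulus of ifHCInOctets / ifHCOutOctets (64-bit)


def counter_delta(prev, curr, modulus=COUNTER32):
    """Bytes counted between two readings, allowing for one counter wrap."""
    for value in (prev, curr):
        if not 0 <= value < modulus:
            raise ValueError(f"reading {value} is outside the counter range")
    # Modular subtraction gives the right answer whether or not the counter
    # rolled over once between the two polls.
    return (curr - prev) % modulus


def average_bps(prev, curr, interval_s=300, modulus=COUNTER32):
    """Average rate in bits per second over one polling interval."""
    if interval_s <= 0:
        raise ValueError("polling interval must be positive")
    return counter_delta(prev, curr, modulus) * 8 / interval_s


def max_unambiguous_bps(interval_s=300, modulus=COUNTER32):
    """Highest average rate at which the counter wraps at most once per poll."""
    return modulus * 8 / interval_s


def rates(samples, modulus=COUNTER32):
    """Turn [(timestamp_s, octets), ...] into [(timestamp_s, bps), ...]."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        out.append((t1, average_bps(c0, c1, t1 - t0, modulus)))
    return out


# Constructed readings: three polls, 5 minutes apart, of one interface.
SAMPLES = [(0, 4_294_937_296), (300, 7_500), (600, 37_507_500)]

if __name__ == "__main__":
    for ts, bps in rates(SAMPLES):
        print(f"t={ts:>4}s  {bps:,.0f} bit/s")
    print(f"32-bit counter limit at 300 s: {max_unambiguous_bps():,.0f} bit/s")
```

With 5-minute polling a 32-bit counter can wrap more than once above roughly 114 Mbit/s, which is why the 64-bit counters are preferred on fast interfaces. A device reboot also resets the counters, and this arithmetic cannot tell that apart from a wrap.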
NetFlow was originally created solely to simplify the creation of router access control lists, but Cisco’s engineers quickly realized that its data could be put to better use by exporting it to a device with the ability to analyze that information. NetFlow analysis was born.
NetFlow uses a three-component architecture. The exporter runs on the monitored device, aggregates packets into flows, and exports flow records to a flow collector. The flow collector handles the reception, storage and pre-processing of the flow data. Finally, the flow analyzer is used to analyze the flow data. Today, most systems combine the collector and analyzer in one device.
The Best Network Bandwidth Analysis Tools
Let’s first have a look at some of the very best network bandwidth analysis tools. There are many more tools available than the three we’ve listed here but we felt that those are the best you can find in terms of their feature set and overall quality. They are all from top-notch makers of network administration tools.
The SolarWinds name is well-known to many network administrators. The company makes some of the best network and system administration tools and many of them have received rave reviews and are considered among the very best in their respective fields. The company is also famous for its free tools, smaller tools which each address a specific need of network administrators. Two good examples of those free tools are the Advanced Subnet Calculator and the Kiwi Syslog Server.
For network bandwidth analysis, SolarWinds offers its Network Performance Monitor (NPM). This tool is mainly an SNMP bandwidth monitoring tool. It also offers comprehensive fault monitoring and performance management and it is compatible with most SNMP-enabled devices. It also comes with many advanced features, such as NetPath, which lets you view the critical network path between any two monitored points on your network, and the ability to automatically generate intelligent network maps.
- FREE TRIAL: SolarWinds Network Performance Monitor
- Download Link: https://www.solarwinds.com/network-performance-monitor/registration
The tool’s Network Insights functionality allows for complex device monitoring. It can monitor Software Defined Networks (SDN) and also has built-in Cisco ACI support as well as the ability to monitor wireless networks and to generate network performance baselines. Other interesting features of the NPM include advanced alerting and its PerfStack performance analysis dashboard. The SolarWinds Network Performance Monitor is a highly scalable tool that can be used on any network from the smallest to the largest.
The SolarWinds Network Performance Monitor’s pricing structure is quite simple. Licensing is based on the number of monitored elements. Five licensing tiers are available for 100, 250, 500, 2000, and unlimited elements at prices ranging from $2 955 to $32 525, including the first year of maintenance. If you’d rather give the tool a test run before committing to a purchase, a free 30-day trial version can be obtained.
2. PRTG Network Monitor
The PRTG Network Monitor from Paessler AG is another great product. It is, at its base, an SNMP network analysis tool. However, thanks to a concept called sensors—a type of functionality plug-in already built into the product—additional metrics can be monitored. There are about two hundred sensors available with the product to monitor virtually any network parameter. Installation speed is another strength of the product. According to Paessler, it can be set up in a couple of minutes. While it may not be that fast, it is indeed faster than most competitors’ thanks in part to the tool’s auto-discovery engine.
The PRTG Network Monitor is such a feature-rich product that it even offers a choice of user interfaces. You can choose between a native Windows enterprise console, an Ajax-based web interface and mobile apps for Android and iOS. Alerting and reporting are excellent and the product boasts a wide range of reports that can be viewed as HTML or PDF or exported to CSV or XML to be processed externally.
The PRTG Network Monitor is available in a free version which is limited to monitoring no more than 100 sensors. Each parameter you want to monitor counts as one sensor. For example, monitoring bandwidth on each interface of a 4-port router will use up 4 sensors and monitoring the CPU and memory on that same router will use up 2 more. Each additional sensor you install also counts. For more than 100 sensors—which you will most likely need—you’ll need a license. Their prices start at $1 600 for up to 500 sensors, including the first year of maintenance. A free 30-day trial version is also available.
3. ManageEngine OpManager
The ManageEngine OpManager is a complete management solution that addresses most—if not all—network analysis needs. The tool, which can run on either Windows or Linux, is loaded with great features. For instance, its auto-discovery feature doesn’t just add devices to the tool, it can graphically map your network, giving you a uniquely customized dashboard.
And talking about the dashboard, it is one of the tool’s best assets. It is super easy to use and navigate and has drill-down functionality. And if you’re into mobile apps, they are available for tablets and smartphones and will give you access from anywhere.
Alerting in OpManager is another of the product’s strengths. It’s got a full complement of threshold-based alerts that can help detect, identify, and troubleshoot networking issues. Furthermore, multiple thresholds each with their own notifications can be set for every performance metric.
If you want to try the ManageEngine OpManager, you can get a free version. It is not a time-limited trial version. It is, instead, feature-limited. It won’t, for instance, let you monitor more than ten devices. While this might be sufficient for testing purposes, it will only suit the smallest networks. For more devices, you can choose between the Essential or the Enterprise plans. The first will let you monitor up to 1 000 nodes while the other goes up to 10 000. Pricing information is available by contacting ManageEngine’s sales.
The Best Flow Analysis Tools
Just like with bandwidth analysis tools, there are countless flow analysis tools available. But again, we’ve limited ourselves to reviewing what we consider to be the best three. Like the preceding list, we’ve included the tools that offered the most in terms of features, reliability, and ease of use.
The SolarWinds NetFlow Traffic Analyzer can analyze network traffic by application, protocol, and IP address group. It will monitor NetFlow devices but also J-Flow, sFlow, NetStream, and IPFIX. The tool collects flow data, arranges it into a usable and meaningful format and presents it to users in a web-based interface. It can be used to identify which applications and categories consume the most bandwidth.
Among its best features, the SolarWinds NetFlow Traffic Analyzer can monitor bandwidth usage by application, protocol, and IP address group. It can also monitor Cisco NetFlow, Juniper J-Flow, sFlow, Huawei NetStream, and IPFIX flow data to identify which applications and protocols are the top bandwidth consumers. The tool will collect traffic data, correlate it into a usable format, and present it to the user in a web-based interface for monitoring network traffic. It also identifies which applications and categories consume the most bandwidth for better network traffic visibility.
- FREE Trial: SolarWinds NetFlow Traffic Analyzer
- Download Link: https://www.solarwinds.com/network-bandwidth-analyzer-pack/registration
The SolarWinds NetFlow Traffic Analyzer is an add-on to the Network Performance Monitor, SolarWinds’ flagship product described earlier. You can save by acquiring both at the same time as the SolarWinds Network Bandwidth Analyzer Pack. Prices for the bundle start at $4 910 for monitoring up to 100 elements and vary according to the number of monitored devices. While this may seem a bit expensive, keep in mind that you’re getting not one but two of the best monitoring tools available. If you’d prefer to try the product before purchasing it, a free 30-day trial can be downloaded from SolarWinds.
Scrutinizer from Plixer is another great NetFlow analyzer. In fact, it’s even more than that and it can easily be considered a full-fledged incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, and IPFIX, you’re not limited to monitoring only Cisco devices.
The hierarchical design of Scrutinizer offers streamlined and efficient data collection and allows anyone to start small and easily scale way up to many million flows per second. The network is often first blamed whenever something goes wrong. Using the product’s advanced analysis, you can quickly find the real cause of many network issues. For even greater flexibility, the product works in both physical and virtual environments and it comes with advanced reporting features.
Scrutinizer is available in four license tiers that go from the basic free version to the full-fledged SCR level which can scale up to over 10 million flows per second. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any license tier for 30 days after which it will revert to the free version.
3. ManageEngine NetFlow Analyzer
Next on our list is another tool from ManageEngine simply called the ManageEngine NetFlow Analyzer. It’s got a web-based user interface that offers several different views of your network. You’ll be able to view traffic by application, by conversation, by protocol, and many more options. The tool will also let you set alerts. You could, for example, set a traffic threshold on a specific router interface and be alerted whenever traffic exceeds it.
The ManageEngine NetFlow Analyzer’s dashboard includes several pie charts displaying top applications, top protocols or top conversations. It can also display a map with the status of the monitored interfaces. Dashboards and reports can be customized at will to include all the information that you need. The tool’s dashboard is also where alerts are displayed in the form of pop-ups. A smartphone client app will let you access the dashboard and reports from anywhere.
The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow, IPFIX, J-flow, NetStream and a few others. It is available in two versions. The free version is identical to the paid one for the first 30 days but it then reverts to monitoring only two interfaces or flows. For the paid version, licenses are available in several sizes from 100 to 2 500 interfaces or flows.