NetFlow analysis is undeniably powerful when it comes to assessing and analyzing your network, network traffic and bandwidth, devices, or just about anything to do with the data being transmitted over your network.
There are a variety of tools which can assess traffic on a basic level in terms of round-trip time, packet loss, and other things like that, but NetFlow allows you to discern so much more about each individual packet and, what's more, leverage that knowledge by means of analytic software and data aggregation via charts and graphs to dramatically ease your task at hand.
When it comes to almost any software need these days there tend to be a wide range of options, both paid and free, and the open-source movement remains quite active indeed.
Open-source software tends to have a remarkable flexibility, either via child builds and projects that spawned off the shortcomings of their forefathers, or by means of exceptional modularity and transparency that would be simply unheard of with any kind of proper, paid enterprise level solution.
With that said, however, an open-source project is only as powerful and prodigious as its proponents.
Projects that go untouched or end up more or less “finished” tend to taper off as far as forward-thinking support and features go, and can fall behind the curve if they become too outdated, often losing out to different open-source options that are newer or built on a more current framework.
Open-source software in the NetFlow realm can be powerful indeed, but you have to be sure the solution you're looking at fits your network's needs and won't leave you wanting.
If none of the solutions below work, consider a commercially available NetFlow Collector/Analyzer – some of which are free to use or have extensive trials.
Here are the Best Free Open Source NetFlow Analyzers & Collectors of 2023:
FlowScan is somewhat interesting in that it acts more as a generalized tool for visualizing NetFlow data rather than collecting and aggregating it for later analysis. By its very nature there's a slight delay, but it does an excellent job gathering up and displaying the NetFlow statistics for you to admire visually almost on the fly!
It is most at home in the GNU/Linux environment and requires a collector combined with a Perl script for the visual aspects, as well as a database component.
- Provides detailed visualization options for NetFlow data
- Users can build reports from collected data
- Supports live monitoring
- Outdated when compared to similar tools available
- Not as easy to use as competing tools
- Live monitoring is delayed
While Cflowd is no longer under active support and updates, it's still a pretty reliable offering that does all the basic collection, storage, and analysis of NetFlow data. It's a fairly barebones piece of software, but it does precisely what it needs to do.
It also has some modularity with a variety of other packages that can be used to modify what it can do and how to display data.
- Features tools to aid in capacity planning and trend analysis
- Simple install requirements
- Leverages flow dump for faster data filtering
- Is considered abandonware – no longer supported as of 2004
Ntop is a solid choice that works well in both UNIX and Windows environments. It even includes support for Cisco-specific NetFlow features and sFlow as well!
Ntop is a particularly common choice as one of the more well-known open-source offerings for NetFlow collection and analysis.
Ntop is somewhat unique in that its interface is purely web-based, which makes it a lot easier to navigate and manipulate from several client machines and, what's more, there's even a GitHub variant for Mac OS X support!
- Open-source project with full transparency
- Free version available alongside the enterprise version
- Special licensing options for nonprofits and educational institutions
- User interface is easy to use, but could be improved upon
“Extreme Happy NetFlow Tool,” or EHNT, despite its rather quirky name, is a simple and solid offering.
It's just about as barebones as you can get, running with a simple terminal interface that basically just grabs NetFlow data and parses it into the most basic human-readable format that it can manage!
- Syntax is easy to learn
- Can provide scheduled reports as often as every 60 seconds
- Is easier to use than other command line NetFlow analyzers
- Solely a command line tool, no GUI available
- Only supports NetFlow 5
Flow-tools, often paired with FlowViewer, is another pretty straightforward and simple open-source NetFlow analysis program.
Coupled with FlowViewer, another open-source offering that works specifically with Flow-tools, it becomes another web-interface based option for easy perusal and visualization of NetFlow statistics.
- A complete toolset for NetFlow data collection and processing
- Allows users to create custom reports based on collected data
- The project maintains a small but active team around it
- Steeper learning curve than similar tools
BPFT is more of an add-on than its own standalone offering – it adds onto the libpcap library and uses, as the name implies, the Berkeley Packet Filter, BPF, mechanism for capturing IP traffic to perform NetFlow analysis.
- Tested specifically for FreeBSD/OpenBSD
- Supports saving backups to local disk
- Detailed tool, logs and stores all network information by default
- Only runs on Unix systems
AnonTool is a curious piece of software which takes NetFlow analysis and management in a slightly different direction, with a focus primarily on anonymization, or deanonymization, of NetFlow traffic and the subsequent analysis of that data thereafter.
Extremely niche but also a curious option for those invested in security and data obfuscation.
Another open-source project for which development has tapered off but still a useful one for some needs.
This particular program uses NetFlow data and analysis in an attempt to detect and, more importantly, stop DDoS-style attacks on networks.
While work on the project may resume in the future, for now it's dead in the water, meaning it may or may not have much to offer for you.
- Leverages NetFlow data to detect and prevent DDoS attacks
- Built to provide data for Network Intrusion Detection Systems (NIDS)
- Well documented, easy to deploy
- Is no longer being supported – the last update was in 2014
Many of these tools can more than suffice for many network environments, but there are many cases where they may fall short, too!
Be sure to assess each tool firsthand and consider your network and the importance of each aspect of tracking and analysis – admins who are running non-critical systems or have a smaller environment that isn't as easily crippled financially by an outage may find little issue here, but those overseeing multiple data centers or huge customer-facing servers may hesitate to put their well-being in the hands of the options above.
Individuals dealing with heavier or more strict and rigid environments would be best served by checking out some of the paid options, which tend to offer free trials and demos and can be more than worth their sometimes hefty cost.