NetFlow analysis is undeniably powerful when it comes to assessing and analyzing your network, network traffic, devices, or just about anything to do with the data being transmitted over your network.
There are a variety of tools which can assess traffic on a basic level in terms of round-trip time, packet loss, and the like, but NetFlow allows you to discern so much more about each individual packet and, what’s more, leverage that knowledge by means of analytic software and data aggregation via charts and graphs to dramatically ease the task at hand.
When it comes to almost any software need these days there tends to be a wide range of options, both paid and free, and the open-source movement remains quite active indeed. Open-source software tends to have remarkable flexibility, either via forks and successor projects that spring from the shortcomings of their predecessors, or by means of exceptional modularity and transparency that would be simply unheard of in any proper, paid, enterprise-level solution. With that said, however, an open-source project is only as powerful and prodigious as its proponents.
Projects that go untouched or end up more or less “finished” tend to taper off in terms of forward-thinking support and features, and can fall behind the curve if they become too dated, often losing out to newer open-source options built on a more current framework.
Open-source software in the NetFlow realm can be powerful indeed, but you have to be sure the solution you’re looking at fits your network’s needs and won’t leave you wanting.
If none of the solutions below works for you, consider a commercially available NetFlow collector/analyzer – some of which are free.
Flowscan is somewhat interesting in that it acts more as a generalized tool for visualizing NetFlow data rather than collecting and aggregating it for later analysis. By its very nature there’s a slight delay, but it does an excellent job gathering up and displaying the NetFlow statistics for you to admire visually almost on the fly! It is most at home in a GNU/Linux environment and requires a combination of a collector and Perl scripts for the visual side, as well as a database component.
Download link: https://www.caida.org/tools/utilities/flowscan/pub/
While Cflowd is no longer under active support and updates, it’s still a pretty reliable offering that does all the basic collection, storage, and analysis of NetFlow data. It’s a fairly barebones piece of software, but it does precisely what it needs to do. It also has some modularity, with a variety of other packages that can be used to extend what it can do and how it displays data.
Download link: https://www.caida.org/tools/measurement/cflowd/download/
Ntop is a solid choice that works well in UNIX environments as well as on Windows. It even includes support for Cisco-specific NetFlow features and sFlow as well! Ntop is a particularly common choice and one of the better-known open-source offerings for NetFlow collection and analysis. Ntop is somewhat unique in that the interface is purely web based, which makes it a lot easier to navigate and manipulate from several client machines and, what’s more, there’s even a GitHub variant for Mac OS X support!
Download link: http://www.ntop.org/get-started/download/
“Extreme Happy NetFlow Tool,” or EHNT, despite its rather quirky name, is a simple and solid offering. It’s just about as barebones as you can get, running with a simple terminal interface that basically just grabs NetFlow data and parses it into the most basic human-readable format it can manage!
Download link: http://ehnt.sourceforge.net/
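To make concrete what “grabbing NetFlow data and parsing it into a human-readable format” involves, here is an added example (not code from the original post or from EHNT) that decodes a NetFlow v5 export datagram and prints one line per flow; the v5 format is assumed since the post names no version, and the datagram is constructed inline so the script runs offline.

```python
# Added example, not code from the original post or from any tool listed in it:
# a minimal NetFlow v5 decoder of the kind a barebones collector runs before
# printing flows in human-readable form. The export datagram is constructed.
import struct
import ipaddress

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one v5 export datagram; reject wrong version or short datagrams."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError(f"truncated datagram: header claims {count} records")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # fields: src dst nexthop in_if out_if pkts octets first last sport dport
        #         pad tcp_flags proto tos src_as dst_as src_mask dst_mask pad
        flows.append({
            "src": f"{ipaddress.IPv4Address(r[0])}:{r[9]}",
            "dst": f"{ipaddress.IPv4Address(r[1])}:{r[10]}",
            "proto": PROTO.get(r[13], str(r[13])),
            "packets": r[5], "bytes": r[6],
            "duration_ms": r[8] - r[7],   # SysUptime deltas are in milliseconds
            "tcp_flags": r[12],
        })
    return flows

def format_flows(flows: list) -> str:
    # One flow per line, roughly what a terminal-only tool would print.
    return "\n".join(f"{f['proto']:<4} {f['src']:>21} -> {f['dst']:<21} "
                     f"{f['packets']:>6} pkts {f['bytes']:>9} B" for f in flows)

def build_sample_datagram() -> bytes:
    """Constructed export with two flows (RFC 5737 documentation addresses)."""
    def rec(src, dst, proto, sport, dport, pkts, octets, first, last, flags=0):
        return RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                           b"\0" * 4, 1, 2, pkts, octets, first, last, sport, dport,
                           0, flags, proto, 0, 0, 0, 24, 24, 0)
    body = rec("192.0.2.10", "198.51.100.5", 6, 51234, 443, 12, 4096, 1000, 2500, 0x1b)
    body += rec("192.0.2.10", "198.51.100.53", 17, 53000, 53, 1, 78, 3000, 3000)
    return HEADER.pack(5, 2, 60000, 1_700_000_000, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    print(format_flows(parse_netflow_v5(build_sample_datagram())))
```

A real collector would read each datagram from a UDP socket (exporters commonly send to port 2055) and hand it to `parse_netflow_v5`; the length and version checks matter there because the input arrives unauthenticated.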
Flow-tools, often paired with FlowViewer, which is pictured above, is another pretty straightforward and simple open-source NetFlow analysis program. Coupled with FlowViewer, another open-source offering that works specifically with Flow-tools, it becomes another web-interface-based option for easy perusal and visualization of NetFlow statistics.
Download link: http://packages.ubuntu.com/precise/net/flow-tools
BPFT is more of an add-on than a standalone offering – it builds on the libpcap library and uses, as the name implies, the Berkeley Packet Filter (BPF) mechanism for capturing IP traffic to perform NetFlow analysis.
Download link: http://bpft4.sourceforge.net/
AnonTool is a curious piece of software that takes NetFlow analysis and management in a slightly different direction, with a focus primarily on anonymization, or deanonymization, of NetFlow traffic and the subsequent analysis of that data. Extremely niche, but also a curious option for those invested in security and data obfuscation.
Another open-source project whose development has tapered off, but still a useful one for some needs. This particular program uses NetFlow data and analysis in an attempt to detect and, more importantly, stop DDoS-style attacks on networks. While work on the project may resume in the future, for now it’s dead in the water, meaning it may or may not have much to offer you.
Download link: http://panoptis.sourceforge.net/
Many of these tools can more than suffice for many network environments, but there are many cases where they may fall short, too! Be sure to assess each tool firsthand and consider your network and the importance of each aspect of tracking and analysis – admins who are running non-critical systems or have a smaller environment that isn’t as easily crippled financially by an outage may find little issue here, but those overseeing multiple data centers or huge customer-facing servers may hesitate to put their well-being in the hands of the options above.
Individuals dealing with heavier or more strict and rigid environments would be best suited to check out some of the paid options, which tend to offer free trials and demos and can be more than worth their sometimes hefty cost.