7 Best Free Open Source NetFlow Analyzers

NetFlow analysis is undeniably powerful when it comes to assessing and analyzing your network, network traffic and bandwidth, devices, or just about anything to do with the data being transmitted over your network.

There are a variety of tools which can assess traffic on a basic level in terms of round-time, packet loss, and other things like that, but NetFlow allows you to discern so much more about each individual packet and, what's more, levy that knowledge by means of analytic software and data aggregation via charts and graphs to dramatically ease your task at hand.

When it comes to almost any software need these days there tend to be a wide range of options, both paid and free, and the open-source movement remains quite active indeed.

Open-source software tends to have a remarkable flexibility, either via child builds and projects that spawned off the shortcomings of their forefathers, or by means of exceptional modularity and transparency that would be simply unheard of with any kind of proper, paid enterprise level solution.

With that said, however, an open-source project is only as powerful and prodigious as its proponents.

Projects that go untouched or end up more or less “finished” tend to taper off as far as forwards-thinking support and features, and can often fall behind the curve of normalcy if they become too deprecated, often in favor for different open-source options that are newer or built on a more current framework.

Open-source software in the NetFlow realm can be powerful indeed, but you have to be sure the solution you're looking at fits your networks needs and won't leave you wanting.

If none of the solutions from below work, consider a commercially available Netflow Collector/Analyzer – some of which are free to use or have extensive Trials.

The Best Free Open Source NetFlow Analyzers & Collectors

Our methodology for selecting open-source Netflow analyzers

We reviewed various NetFlow analyzers and analyzed the options based on the following criteria:

Support for data integrations into other platforms
Ease of use
Support for various version of NetFlow
A facility to analyze network performance over time
Graphical interpretation of data, such as charts and graphs
A free trial period, a demo, or a money-back guarantee for no-risk assessment
A good price that reflects value for money when compared to the functions offered

1. Flowscan

Flowscan is somewhat interesting in that it acts more as a generalized tool for visualizing NetFlow data rather than collecting and aggregating it for later analysis. By its very nature there's a slight delay, but it does an excellent job gathering up and displaying the NetFlow statistics for you to admire visually almost on the fly!

Why do we recommend it?

It examines Netflow data and maintains counters to make sense of the collected information. Also, it generates meaningful reports that provide precise information about your traffic.

Most native to the GNU/Linux environment and requires a combo of collector and Perl script for the visual aspects, as well as a database component.

Who is it recommended for?

Ideal for GNU and Linux environments, and works well for network administrators who want reports on the processed flow data.

Pros:

Provides detailed visualization options for Netflow data
Users can build reports from collected data
Supports live monitoring

Cons:

Outdated when compared to similar tools available
Not as easy to use as competing tools
Live monitoring is delayed

Download link: https://www.caida.org/tools/utilities/flowscan/pub/

2. Cflowd

While Cflowd is no longer under active support and updates, it's still a pretty reliable offering that does all the basic collection, storage, and analysis of NetFlow data. It's a fairly barebones piece of software, but it does precisely what it needs to do.

Why do we recommend it?

Cflowd is a versatile tool for tracking the usage of web hosting, accounting, billing, network planning, data warehousing, and more. It analyses Netflow data across all these operations to provide in-depth insights.

It also has some modularity with a variety of other packages that can be used to modify what it can do and how to display data.

Who is it recommended for?

A good choice for ISPs and network engineers who are into capacity planning, trend analysis, and characterization of workloads.

Pros:

Features tools to aid in capacity planning and trend analysis
Simple install requirements
Leverages flow dump for faster data filtering

Cons:

Is considered abandonware – no longer supported as of 2004

Download link: https://www.caida.org/tools/measurement/cflowd/download/

3. NTop

Ntop is a solid choice that works well in both UNIX environments as well as Windows. It even includes support for Cisco-specific NetFlow features and sFlow as well! NTop is a particularly common choice as one of the more well-known open-source offerings for NetFlow collection and analysis.

Why do we recommend it?

Ntop comes with wide-ranging features like packet capture, traffic recording, network probe, and traffic analysis. It also integrates with leading tools like PagerDuty to provide high levels of flexibility.

NTop is somewhat unique in that the interface is purely web based and makes it a lot easier to navigate and manipulate via several client machines and, what's more, there's even a github variant for Mac OSX support!

Who is it recommended for?

Free for educational and not-for-profit organizations. It also works well for small and medium organizations.

Pros:

Open-source project with full transparency
Free version available alongside the enterprise version
Special licensing options for nonprofits and educational institutions

Cons:

User interface is easy to use, but could be improved upon

Download link: http://www.ntop.org/get-started/download/

4. EHNT

“Extreme Happy NetFlow Tool,” or EHNT, despite its rather quirky name is a simple and solid offering.

Why do we recommend it?

A useful tool for converting Netflow data streams to something more human-readable. It also operates in several modes and generates reports for many purposes.

It's just about as barebones as you can get, running with a simple terminal interface that basically just grabs NetFlow data and parses it into the most basic humanly-readable format that it can manage!

Who is it recommended for?

Ideal for network administrators who use operating routers for exporting NetFlow packets.

Pros:

Syntax is easy to learn
Can provide scheduled reports as often as every 60 seconds
Is easier to use than other command line Netflow analyzers

Cons:

Solely a command line tool, no GUI available
Only supports Netflow 5

Download link: http://ehnt.sourceforge.net/

5. Flow-tools

Flow-tools, often paired with FlowViewer which is pictured above, is another pretty straightforward and simple open-source NetFlow analysis program.

Coupled with FlowViewer, another open-source offering that works specifically with Flow-tools, it becomes another web-interface based option for easy perusal and visualization of NetFlow statistics.

Pros:

A complete toolset for Netflow data collection and processing
Allows users to create custom reports based on collected data
The project maintains a small but active team around it

Cons:

Steeper learning curve than similar tools

Download link:https://manpages.ubuntu.com/manpages/focal/man1/flow-tools.1.html

6. BPFT

BPFT is more of an add-on than its own standalone offering – it adds onto the libpcap library and uses, as the name implies, the Berkeley Packet Filter, BPF, mechanism for capturing IP traffic to perform NetFlow analysis.

Why do we recommend it?

This is a powerful tool for intrusion detection analysis. Specifically, it reduces large file packet captures to a small set of results.

Who is it recommended for?

Though it can be used both by admin and non-admin users, a certain amount of technical knowledge about CLI and filters is needed.

Pros:

Tested specifically for Free/Open BSD
Supports saving backups to local disk
Detailed tool, logs and stores all network information by default

Cons:

Only runs on Unix systems

Download link: http://bpft4.sourceforge.net/

7. Panoptis

Another open-source project for which development has tapered off but still a useful one for some needs. This particular program uses NetFlow data and analysis in an attempt to attempt to detect and, more importantly, stop DDoS style attacks on networks.

Why do we recommend it?

Panoptis is a handy tool for detecting and blocking DoS and DDoS attacks. It processes Netflow data in real-time to generate automated responses.

While work on the project may resume in the future, for now it's dead in the water, meaning it may or may not have much to offer for you.

Who is it recommended for?

It can be useful for network administrators who want a tool that will automatically detect DDoS attacks.

Pros:

Leverages Netflow data to detect and prevent DDoS attacks
Built to provide data for Network Intrusion Detection Systems (NIDS)
Well-documented, easy to deploy

Cons:

Is no longer being supported – the last update was in 2014

Download link: http://panoptis.sourceforge.net/

Conclusion

Many of these tools can more than suffice for many network environments, but there are many cases where they may fall short, too!

Be sure to assess each tool firsthand and consider your network and the importance of each aspect of tracking and analysis – admins who are running non-critical systems or have a smaller environment that isn't as easily crippled financially by an outage may find little issue here, but those overseeing multiple data-centers, or huge customer-facing servers may hesitate to put their well-being in the hands of the options above.

Individuals dealing with heavier or more strict and rigid environments would be best suited to check out some of the paid options, which tend to offer free trials and demos and can more than be worth their sometimes hefty cost.

Open Source Netflow Analyzers FAQs

What is the Netflow protocol?

The Netflow protocol is a network protocol developed by Cisco that allows network devices, such as routers and switches, to collect and export information about network traffic flows. This information can include details about source and destination IP addresses, packet counts and sizes, and protocols used.

What are some popular Netflow Analyzers?

Some popular Netflow Analyzers include:

SolarWinds NetFlow Traffic Analyzer
Paessler PRTG Network Monitor
ManageEngine NetFlow Analyzer
Scrutinizer NetFlow and sFlow Analyzer
Kentik Detect

What information can I gather using a Netflow Analyzer?

A Netflow Analyzer can provide detailed information about network traffic, including:

Top talkers and protocols
Traffic volumes and bandwidth usage
Applications and hosts consuming network resources
Network usage patterns and trends
Security threats and anomalies

How does a Netflow Analyzer work?

A Netflow Analyzer works by collecting flow data from network devices that support the Netflow protocol, such as routers and switches. It then processes and analyzes this data to provide insights into network traffic patterns and usage. Some Netflow Analyzers can also perform additional functions, such as monitoring network performance and identifying security threats.

What are some common errors I might encounter when using a Netflow Analyzer?

Some common errors you might encounter when using a Netflow Analyzer include:

Configuration errors that prevent the Netflow data from being properly collected or analyzed
Network connectivity issues that prevent the Netflow data from being transmitted or received
Incorrect or incomplete data that can result in inaccurate or misleading analysis
Insufficient hardware resources, such as CPU or memory, that can impact the performance of the Netflow Analyzer.

Related Post: Best Penetration Testing Tools