NetFlow collection and analysis is a great way to find out what's going on in your network and see who the bandwidth hogs are within your organization. Capturing flow packets and studying them will help you find out where all your bandwidth is being allocated and how to stop further abuse in your organization.
We've seen many instances where the internet connection has been crippled by someone streaming YouTube or, worse, downloading torrents illegally within the LAN environment. Catching these bandwidth hogs using one of the software packages mentioned below will help you clamp down on your network, get rid of unwanted bandwidth usage and save money in the long run.
Before you can analyze the data, you have to capture it to begin with. By default, your networking gear may not be capturing this information, but it should be fairly easy to turn the feature on. Here are instructions to enable tracking on Cisco and Juniper equipment. Check with your own manufacturer for similar instructions, or even a tech community like SpiceWorks. Some of the tools we’ll discuss also have guides included to get you started.
Top NetFlow Analysis & Collection Tools & Software:
All of the tools below are free, although usually at the expense of some of the more advanced features. If you only need to find your bandwidth hogs, they should be fine. If you’re looking to lock down every single packet or find packet loss in your network, they’re probably not; you’ll have to purchase the full versions for that kind of monitoring and control.
1. SolarWinds NetFlow Traffic Analyzer
SolarWinds makes great tools for managing your entire network, from servers to VMs to network traffic. The full suite allows you to keep tabs on all your devices wherever they may be and send alerts when something goes awry. The NetFlow traffic analyzer is only a part of that larger suite, but it will analyze the network traffic in real-time and show you any issues it finds.
The NTA from SolarWinds has full functionality to analyze other flow protocols as well, including sFlow, J-Flow, IPFIX and NetStream. It offers a wide variety of customization and other standard features out of the box that many other software platforms don't come with.
We recommend you download it and try it for free to familiarize yourself with its capabilities!
2. Paessler PRTG
Much like SolarWinds, PRTG is a full-service monitoring solution, but their service is 100% free forever.
Unlike SolarWinds, which only allows limited access to one tool in the toolbox, PRTG offers users 100 free “sensors” and has been noted to be a suitable alternative to many open-source packages.
A sensor can be any part of your network, whether it’s bandwidth analysis on a switch or server, an uptime monitor, CPU and processor usage, etc.
If you outgrow its free capabilities, you need only buy more sensors at a reasonable rate.
3. ManageEngine NetFlow Analyzer Professional
ManageEngine’s free NetFlow Analyzer makes it easy to view and understand your traffic at a glance.
The clean interface and helpful graphs give you all the information you need right away, and the automatic recognition of suspicious activity is very helpful.
The free edition will only monitor two interfaces at once.
4. Plixer NetFlow Traffic Analyzer
Plixer Scrutinizer will show you a comprehensive snapshot of your network as it currently exists, but the free version only shows the last five hours’ worth of data, making long-term analysis impossible without purchasing the full version.
Still, the amount of data available is pretty impressive and it’s presented in such a way that it’s not difficult to pick apart and understand what’s happening.
Of course, maybe you’re not interested in all those fancy bar graphs and pie charts. Maybe you just want to dig right into the raw data and pick it apart that way. If that’s what you need to accomplish, there’s no better tool than Wireshark.
The learning curve is extremely steep, but once you know what you’re doing, Wireshark will give you as much information as you can handle, and then some.
The hardest part about Wireshark is actually filtering out all the extraneous data that you don’t need in order to make sense of what’s left. For the true network professional, there’s nothing quite like it.
NetVizura NetFlow Analyzer is a solution for better understanding bandwidth consumption, traffic trends, applications, hosts and traffic patterns by visualizing traffic by networking devices, interface ports and subnetworks, traffic segments and clients.
NetVizura primarily uses NetFlow but also supports IPFIX, NSEL, sFlow and compatible flow protocols to help with analysis of bandwidth usage, packet sniffing and reporting features.
By enabling network and application optimization, supporting network expansion planning, saving time needed for troubleshooting and diagnostics, and improving security, it considerably lowers company operational costs and increases network team productivity.
The main use cases for NetVizura NetFlow Analyzer are:
- Bandwidth Consumption Analysis – if there are interfaces that are overloaded and congested, you can dive into the reasons why this happened
- Specific (Custom) Traffic Monitoring – if there are some vital segments of your traffic (such as servers, services, sites or clients) that you would like to monitor and that are not visible to standard NMS solutions
- End User Monitoring – quickly discover who is behind an IP address, see how employees are using your network for better optimization and planning, and check whether there is any misuse or abuse of network resources
- Security Incidents Alarming & Diagnostics – if there are anomalies in your traffic (such as DDoS, data leak, port scan, blackholing review, employee abuse), you can detect them quickly and easily and find out their causes