How does it work? First, the NetFlow protocol collects data from all the sensors; this data is then transferred to collectors; finally, the analyzer reads it and generates reports. In other words, a NetFlow analyzer is a traffic monitoring and analysis tool that provides a real-time view of how your network is being used. It helps you find bottlenecks in the system and improves work efficiency.
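The sensor, collector and analyzer roles described above can be shown end to end with a single NetFlow v5 datagram. This is an added example, not code from any of the tools listed on this page; the function names are hypothetical, the flows are constructed sample data, and the field layout is the standard 24-byte v5 header followed by 48-byte flow records.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def build_datagram(flows, seq=0):
    """Sensor side: pack (src, dst, sport, dport, proto, pkts, octets) tuples into one export."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, seq, 0, 0, 0)
    for src, dst, sport, dport, proto, pkts, octets in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                           bytes(4), 0, 0, pkts, octets, 0, 0, sport, dport,
                           0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

def parse_datagram(data):
    """Collector side: validate the header, then decode every flow record."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(data)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # A truncated or padded datagram must be rejected, not partially trusted.
    if len(data) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({"src": str(ipaddress.IPv4Address(f[0])), "dst": str(ipaddress.IPv4Address(f[1])),
                      "pkts": f[5], "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def report(flows, n=3):
    """Analyzer side: top sources and top (protocol, destination port) pairs by byte count."""
    by_src, by_port = Counter(), Counter()
    for f in flows:
        by_src[f["src"]] += f["octets"]
        by_port[(f["proto"], f["dport"])] += f["octets"]
    return {"top_sources": by_src.most_common(n), "top_ports": by_port.most_common(n)}

# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE = [("192.0.2.10", "198.51.100.5", 51000, 443, 6, 120, 90000),
          ("192.0.2.10", "198.51.100.9", 51001, 53, 17, 2, 160),
          ("192.0.2.77", "198.51.100.5", 40000, 443, 6, 900, 1200000)]

if __name__ == "__main__":
    print(report(parse_datagram(build_datagram(SAMPLE))))
```

In a real deployment the collector would read these datagrams from a UDP socket; v9 and IPFIX use templates and need a different parser.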
There are many analyzers available. Every network engineer can find the best solution for his tasks. We will describe some popular free and commercial NetFlow analyzers below.
FlowTools – a collection of programs that consists of a collector and an analyzer. It is used to collect, send, process, and generate reports from NetFlow data. It works with NetFlow versions 1, 5, 6, 7 and 8. All data is saved in text format.
EHNT, the Extreme Happy Netflow Tool, works with v5 only. It is easy to manage but has poor functionality. It shows NetFlow data in readable form and provides reports on top ASes, IP protocols, and TCP/UDP ports.
NTopng – an open source web-based traffic analyzer that runs on most UNIX platforms and Microsoft Windows. It can be used as a flow collector. NTopng analyzes and sorts IP traffic, keeps statistics, and generates reports.
nProbe by nTop – nProbe includes both a NetFlow v5/v9/IPFIX analyzer and a collector, so it can be used to collect and export data from any device. It analyzes multi-Gbit networks with no packet loss. It is available for Linux and Windows and supports a lot of features. See more on the official site.
Capsa Free Network Analyzer allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for more than 300 network protocols, email monitoring and auto-save. The free version was developed for non-commercial use only.
Angry IP Scanner is a useful, portable open-source network scanner. It works with Linux, Windows, and Mac OSX and does not need installation. It can resolve hostnames, determine MAC addresses, scan ports, provide NetBIOS information, determine the logged-in user on Windows systems, detect web servers and more.
SolarWinds Real-Time NetFlow Traffic Analyzer can sort, graph and display data in various ways. You can customize traffic reports and visualize data as you want. It is suited to analyzing traffic by type and over a defined period of time, and it sorts bandwidth by users, IPs, etc.
ManageEngine NetFlow Analyzer Professional is powerful, full-featured software where you’ll find all you need for monitoring and analyzing. It includes real-time bandwidth monitoring and threshold alarms for set bandwidth usage, usage summaries, application and protocol monitoring.
Plixer Scrutinizer – a very flexible tool for monitoring and analyzing traffic. It allows peering deep inside the network and seeing all its weak points. It provides detailed traffic information and supports network incident response. You can sort traffic from different points of view, including time frame, host, application, protocol, etc.
Splunk is more than just an analyzer. It is a full enterprise system for storing and analyzing machine data in real time. You can collect, store, index, search, correlate, visualize, analyze and make reports on any data to find and fix weak points quickly and effectively.
As we can see, there is a great variety of analyzers, from very simple ones to intelligent enterprise solutions. Everyone from small businesses to huge corporations can choose a solution that fits them. Using analyzers is a very important part of IT infrastructure protection, and we must remember the basics: sensor, collector and analyzer. They don't work without each other; all three must be in place for the solution to be effective.