As network engineers and administrators, many of us are constantly dealing with issues whose causes aren't always apparent.
This is where analyzing network traffic with packet sniffing techniques comes in handy.
So the question then comes: what is NetFlow and what are Network Analyzers?
NetFlow Analyzers and Collectors are very useful tools to assist in monitoring and analyzing network traffic data to help you manage these issues and potentially stop them before they become major problems.
NetFlow analyzers allow you to pinpoint machines and devices that are hogging bandwidth, to find bottlenecks in your system, and, ultimately, to improve your network’s overall efficiency.
Here is our list of the Top Free NetFlow Analyzers and Collectors:
- SolarWinds Real-Time NetFlow Analyzer (FREE TOOL) – A free tool to view network traffic statistics by type, conversation, app, domain, endpoint, and protocol. Installs on Windows Server.
- Site24x7 Network Monitoring (FREE TRIAL) – A network performance and traffic monitoring system that is delivered from the cloud. Available for free for 30 days.
- Paessler PRTG – A collection of system monitors that includes a packet sniffer tool and is free for up to 100 sensors. Installs on Windows Server.
- Colasoft Capsa Free – A packet analyzer with lots of graphical interpretations. Installs on Windows.
- Angry IP Scanner – A well-known and widely used free packet analyzer that includes an IP address manager and port scanner. Installs on Windows, macOS, and Linux.
- ManageEngine NetFlow Analyzer – A comprehensive bandwidth monitor with a free edition that is limited to two interfaces. Installs on Windows Server and Linux.
- The Dude – A free network monitor that is particularly strong on network mapping. Installs on Windows, Linux, and macOS.
- Plixer Scrutinizer – A traffic analyzer with strong intrusion detection features. Installs as a virtual machine or can be taken as a cloud service.
- Wireshark – A widely used free network packet sniffer that includes a packet viewer with a protocol analyzer. Runs on Linux, Windows, macOS, and Solaris.
- nProbe – A NetFlow probe and collector that is usually partnered with a separate front-end data analyzer. Installs on Windows and Linux.
The term “NetFlow” refers to a Cisco proprietary protocol for collecting information about IP traffic and for monitoring network traffic; NetFlow has become the industry standard protocol for flow technologies.
NetFlow software collects and analyzes this flow data generated by routers, and presents it in a user-friendly format.
A few other network vendors have their own protocols for network traffic data monitoring and collecting.
For example, Juniper, another highly respected network device vendor, calls its protocol “J-Flow.”
There are many analyzers and collectors available, and in this article, we will discuss 10 commercial and free NetFlow analyzers and collectors available for Windows.
Most of the NetFlow software vendors listed below have instructions on how to enable NetFlow on various manufacturers’ devices. Your device manufacturer’s documentation should also have this information.
Here are the Best NetFlow Analyzers & Collectors of 2021:
1. SolarWinds Real-Time NetFlow Analyzer
The Free Real-Time NetFlow Analyzer from SolarWinds is one of the more popular tools available to download free.
This tool allows you to sort, graph, and display data in various ways that allow you to visualize and analyze your network traffic.
It is great for tasks such as seeing network traffic by type and for specified periods of time, and running tests to see how much bandwidth various applications consume.
This free tool limits you to monitoring one NetFlow interface and keeps only 60 minutes of data. The Real-Time NetFlow Analyzer from SolarWinds is a powerful tool that is definitely worth the download.
2. Site24x7 Network Monitoring
Site24x7 is a cloud-based service that is able to monitor systems that are located on-premises or in the cloud. The system queries network switches in order to gain status information and, by another method, to gain traffic statistics.
The traffic monitoring service included in Site24x7 packages uses a range of communication protocols, including NetFlow, IPFIX, J-Flow, AppSteam, sFlow, CFlow, and AppFlow. These protocols are used by the network equipment provided by more than 200 vendors.
The data gathered by agents on site is uploaded to the Site24x7 servers where it is processed and then shown in the system dashboard. Traffic volumes are shown live and also stored for time-series historical analysis.
Site24x7 offers a range of monitoring bundles, each focusing on a different aspect of IT systems. All of these bundles include the network traffic monitoring module. All of those plans are available for a 30-day free trial.
3. Paessler PRTG
PRTG by Paessler provides many useful features. It includes support for monitoring LAN, WAN, VPN, as well as application, virtual server, QoS, and environmental monitoring.
It comes with the capability to do Multiple Site Monitoring.
PRTG uses SNMP, WMI, NetFlow, sFlow, jFlow, and Packet Sniffing to monitor Bandwidth, along with uptime/downtime monitoring and IPv6 support. The Freeware version gives you 30 days of unlimited sensors, then 100 sensors free after that.
4. Colasoft Capsa Free
This freeware network analyzer from Colasoft allows you to identify and monitor specific protocols — it supports over 300 network protocols — and create customizable reports.
It includes email monitoring and a TCP timing sequence chart, all combined into your own customized dashboard.
Other features include network security analysis, such as DoS/DDoS attack, worm activity, and ARP attack detection; packet decoding and information display; statistics on each host on network; and conversation monitoring and packet stream reconstruction.
Capsa Free supports all 32-bit and 64-bit versions of Windows XP, with a minimum of 2GB RAM and 2.8GHz CPU.
You will need an NDIS 3 or higher compatible Ethernet, Fast Ethernet, or Gigabit adapter with a promiscuous mode driver; this mode lets it passively capture all packets on an Ethernet wire.
5. Angry IP Scanner
Angry IP Scanner is a lightweight, open-source network scanner that is fast and easy to use. It does not require installation and can be used with Linux, Windows, and Mac OSX.
It operates by simply pinging each IP address and can resolve host names, determine MAC addresses, scan ports, provide NetBIOS information, determine the logged-in user on Windows systems, detect web servers, and more.
Its capabilities can be expanded with Java plugins. Data from scans can be saved to CSV, TXT, XML or IP-Port files. A very useful, portable network scanner.
6. ManageEngine NetFlow Analyzer
This is ManageEngine’s full-featured version of their NetFlow software. It is a powerful piece of software, with a full range of analysis and collection capabilities.
They include real-time bandwidth monitoring and threshold alarms for set bandwidth usage, usage summaries, application and protocol monitoring, and much more.
The free version includes 30 days of unlimited monitoring, and after that it allows for monitoring of only two interfaces.
System requirements for ManageEngine’s NetFlow Analyzer depend on the flow rate.
At a minimum, for a flow rate of 0 to 3000 flows per second, the recommended requirements are a 2.4 GHz Quad Core Processor with 4GB RAM and 200GB of hard-disk space.
The requirements go up as you increase the flow rate you wish to capture.
7. The Dude
Despite a name that brings images of someone sitting on the beach, avoiding work of any sort, and completely out of touch with the world, this application is, in fact, a popular and useful network monitor developed by MikroTik.
It automatically scans all devices and draws a map of the network. It monitors servers running on devices and alerts you in case of a problem.
Other features include auto-discovery and mapping of new devices, the ability to draw your own maps, access to tools to remotely manage your devices, and more.
It runs on Windows, on Linux under Wine, and on macOS under Darwine.
8. Plixer Scrutinizer
This full-featured traffic analysis tool provides you with the ability to comprehensively capture and analyze your network traffic and to find and stop errors quickly and efficiently.
With Scrutinizer, you can filter and drill down in nearly any way you can imagine, including time frame, host, application, protocol, and much more.
The free version allows you to monitor an unlimited number of interfaces and store up to 24 hours of data.
9. Wireshark
Wireshark is a powerful network analyzer with features that rival other free or paid services. It is cross-platform and can run on Linux, Windows, MacOS X, Solaris, and other platforms. Wireshark lets you view captured data via a GUI, or you can use the TTY-mode TShark utility.
Its features include capture and analysis of VoIP traffic; live data display from Ethernet, IEEE 802.11, Bluetooth, USB, Frame Relay, and others; data output to XML, PostScript, CSV, or plain text; decryption support; and much more.
System requirements include Windows XP and up, any modern 64/32bit processor, 400MB available RAM, and 300MB disk space. Wireshark NetFlow Analyzer is a powerful, must-have tool for any network administrator’s toolkit.
10. nProbe
nProbe by ntop is a full-featured open-source NetFlow capture and analysis application.
Although it may not have as many visual bells and whistles as other applications on this list, that does not mean it is lacking in any features or capabilities.
Some of these include support for IPv4 and IPv6, Cisco NetFlow v9/IPFIX, NetFlow-Lite support, VoIP traffic analysis, flow and packet sampling, generating logs of web, MySQL/Oracle and DNS activity, and many more features. The software is free if you download and compile on Linux or Windows (http://packages.ntop.org/).
The executable binary installation file limits data capture to 2000 packets. (It is completely free for universities, education users, and non-profit and research organizations.) nProbe will run on Linux and Windows 64bit OS platforms.
This comprehensive list of 10 free NetFlow analyzers and collectors should give you the ability to quickly begin monitoring and troubleshooting your network, from a small office LAN to a large, multi-site enterprise WAN.
(Locate instructions on how to enable NetFlow for your respective devices within the documentation for the application you choose, or if not there, then on the manufacturer’s website.)
If you're looking for an open-source variation, see our list of some here.
Each application gives you the ability to monitor and analyze traffic on your network, which is key to finding small errors before they turn into big ones, to pinpoint bandwidth anomalies that can be indicative of security threats, to visualize your network and its traffic flow, and much, much more.
What you can do with the data these Network Analyzers give you is limitless. A must-have piece of software for all network administrators.