This is where analyzing network traffic comes in handy using packet sniffing techniques.
So the question then comes: what is NetFlow and what are Network Analyzers?
NetFlow Analyzers and Collectors are very useful tools to assist in monitoring and analyzing network traffic data to help you manage these issues and potentially stop them before they become major problems.
NetFlow analyzers allow you to pinpoint machines and devices that are hogging bandwidth, to find bottlenecks in your system, and, ultimately, to improve your network’s overall efficiency.
Here is our list of the Top Free NetFlow Analyzers and Collectors:
- SolarWinds Traffic Analyzer – EDITOR'S CHOICE This package of network monitoring and management tools tracks traffic patterns on the network and on VMWare vSphere implementations. Free for 30 days, thanks to a trial. Runs on Windows Server. Start 30-day free trial.
- Site24x7 Network Monitoring – FREE TRIAL A network performance and traffic monitoring system that is delivered from the cloud. Available for free for 30 days.
- Paessler PRTG – FREE TRIAL A collection of system monitors that includes a packet sniffer tool and is free for up to 100 sensors. Installs on Windows Server. Start 30-day free trial.
- ManageEngine NetFlow Analyzer – FREE TRIAL A comprehensive bandwidth monitor with a free edition that is limited to two interfaces. Installs on Windows Server and Linux. Start a 30-day free trial.
- Colasoft Capsa Free A packet analyzer with lots of graphical interpretations. Installs on Windows.
- Angry IP Scanner A well-known and widely used free packet analyzer that includes an IP address manager and port scanner. Installs on Windows, macOS, and Linux.
- The Dude A free network monitor that is particularly strong on network mapping. Installs on Windows, Linux, and macOS.
- Noction Flow Analyzer This package of network traffic monitoring and capacity planning services by focusing on data extracted from switches and routers with a range of communications protocols, including NetFlow. Runs on Linux.
- Plixer Scrutinizer A traffic analyzer with strong intrusion detection features. Installs as a virtual machine or can be taken as a cloud service.
- Wireshark A widely-used free network packet sniffer that includes a packet viewer with a protocol analyzer. Runs on Linux, Windows, macOS, and Solaris.
- nProbe A NetFlow probe and collector that is usually partnered with a separate front-end data analyzer. Installs on Windows and Linux.
The term “NetFlow” refers to a Cisco proprietary protocol for collecting information about IP traffic and for monitoring network traffic; NetFlow has become the industry standard protocol for flow technologies.
NetFlow software collects and analyzes this flow data generated by routers, and presents it in a user-friendly format.
A few other network vendors have their own protocols for network traffic data monitoring and collecting.
For example, Juniper, another highly respected network device vendor, calls their protocol “J-Flow.”
There are many analyzers and collectors available, and in this article, we will discuss 10 commercial and free NetFlow analyzers and collectors available for Windows.
What should you look for in free network analyzers?
We reviewed the market for free NetFlow traffic monitoring tools for Windows and Linux and analyzed the options based on the following criteria:
- A reliable service
- A system that includes packet capture capabilities
- A service that enables passing packets to be viewed
- An analysis function that allows packets from specific sources and destinations to be selected
- The ability to select packets by destination port number for protocol analysis
- Nice to have additional functions such as traffic shaping tools
- Free tools that are easy to install or the free versions of paid tools
With these selection criteria in mind, we have found some impressive free tools and the free versions of paid tools that have been in circulation for a while and have been tried and tested. We managed to find NetFlow analyzers that can be run on macOS as well as tools for Windows and Linux.
Most of the NetFlow software vendors listed below have instructions on how to enable NetFlow on various manufacturer’s devices. Your device manufacturer’s documentation should also have this information.
Here's the Best NetFlow Analyzers & Collectors:
SolarWinds NetFlow Traffic Analyzer is a specialized bandwidth monitoring tool that gathers data by communicating with switches and routers. The monitor uses NetFlow, J-Flow, sFlow, NetStream, and IPFIX when communicating with devices. This enables it to support multi-vendor environments.
- NetFlow, J-Flow, sFlow, NetStream, and IPFIX
- Packet sampling
- End-to-end path analysis
- Capacity planning
- Traffic shaping
The service selects key information from packet headers when it compiles its traffic flow statistics. This means that you can get traffic data segmented by source and destination and by protocol or application. With this, you will be able to work out which application is generating the most traffic and how traffic trends are changing per application. The package also enables you to implement traffic shaping methods to get the most value out of your physical infrastructure. This package installs on Windows Server. This is a paid tool but you can use it on a 30-day free trial.
- Bandwidth monitoring
- Live status graphs
- Historical analysis of stored traffic data
- Implementation support for traffic-shaping measures
- VMWare vSphere monitoring
- Free only for 30 days
SolarWinds NetFlow Traffic Analyzer is our top choice because it performs live traffic monitoring as well as storing data for later analysis. This tool is able to show links that get overloaded by recording the capacity and load for each network device. The package can segment traffic data by protocol and endpoint, enabling you to see which is the greatest source of traffic. The NetFlow Traffic Analyzer can communicate with network devices using the NetFlow, sFlow, J-Flow, NetStream, and IPFIX protocols.
OS: Windows Server
Start 30-day Free Trial: https://www.solarwinds.com/netflow-traffic-analyzer/registration
Site24x7 is a cloud-based service that is able to monitor systems that are located on-premises or in the cloud. The system queries network switches in order to gain status information and, by another method, to gain traffic statistics.
- Centralize monitoring for sites
- NetFlow, IPFIX, J-Flow, AppSteam, sFlow, cflow, and AppFlow
- Network discovery
The traffic monitoring service included in Site24x7 packages uses a range of communication protocols, including NetFlow, IPFIX, J-Flow, AppSteam, sFlow, CFlow, and AppFlow. These languages are used by the network equipment provided by more than 200 vendors.
The data gathered by agents on site is uploaded to the Site24x7 servers where it is processed and then shown in the system dashboard. Traffic volumes are shown live and also stored for time-series historical analysis.
- An all in one solution, supporting network, infrastructure, and real user monitoring in a single platform
- Uses real-time data to discover devices and build charts, network maps, and inventory reports
- Is one of the most user-friendly network monitoring tools available
- User monitoring can help bridge the gap between technical issues, user behavior, and business metrics
- Supports a freeware version for testing – great for small businesses too
- Is a very detailed platform that will require time to fully learn all of its features and options
Site24x7 offers a range of monitoring bundles, each focusing on a different aspect of IT systems. All of these bundles include the network traffic monitoring module. All of those plans are available for a 30-day free trial.
Official site: https://www.site24x7.com/network-traffic-monitoring.html
Paessler PRTG provides many useful features. It includes support for monitoring LAN, WAN, VPN, as well as application, virtual server, QoS, and environmental monitoring.
- Free version
- Flexible package
- NetFlow, sFlow, jFlow, and packet sniffing
It comes with the capability to do Multiple Site Monitoring.
- Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
- Fully customizable dashboard is great for both lone administrators as well as NOC teams
- Drag and drop editor makes it easy to build custom views and reports
- Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack
- Each sensor is specifically designed to monitor each application, for example, there are prebuilt sensors whose specific purpose is to capture and monitor VoIP activity
- Supports a freeware version
- Is a very comprehensive platform with many features and moving parts that require time to learn
PRTG uses SNMP, WMI, NetFlow, sFlow, jFlow, and Packet Sniffing to monitor Bandwidth, along with uptime/downtime monitoring and IPv6 support. The Freeware version gives you 30 days of unlimited sensors, then 100 sensors free after that.
In summary, Paessler PRTG is a very flexible package. The bundle of tools can be customized so you get a lot more than bandwidth analysis services. Add on network performance monitoring and server monitoring to get a complete, automated system monitoring package. The traffic tracking system offers monitoring with NetFlow v5 and v9, plus IPFIX, sFlow, J-Flow, SNMP, and WMI. Set up alerts so that you can leave the tracking of regular activity to PRTG, knowing that you will be brought back to the console if problems start to evolve. You can start with a 30-day free trial.
This is ManageEngines’s full-featured version of their NetFlow Analyzer. It is a powerful piece of software, with a full range of analysis and collection capabilities.
They include real-time bandwidth monitoring and threshold alarms for set bandwidth usage, usage summaries, application and protocol monitoring, and much more.
- Cisco NBAR categorization
- Traffic shaping
- NetFlow, sFlow, J-Flow, IPFIX, Netstream, and AppFlow
System requirements for ManageEngine NetFlow Analyzer depend on the flow rate.
At a minimum, for a flow rate of 0 to 3000 flows per second, the recommended requirements are a 2.4 GHz Quad Core Processor with 4GB RAM and 200GB of hard-disk space.
The requirements go up as you increase the flow rate you wish to capture.
- Supports multiple protocols like NetFlow, great for monitoring Cisco equipment
Both tools work well alongside each other to help view traffic patterns and bandwidth usage
- Easy to use interface automatically highlights bandwidth hogs and other network traffic outliers
- Scale well, designed for large enterprise networks
- Can view traffic on a per-hop basis, allowing for granular traffic analysis
- Built for enterprise use, not designed for small home networks
Price: The free trial version includes 30-days of unlimited monitoring, and after that it allows for monitoring of only two interfaces.
5. Colasoft Capsa Free
This freeware network analyzer from Colasoft allows you to identify and monitor specific protocols — it supports over 300 network protocols — and create customizable reports.
It includes email monitoring and a TCP timing sequence chart, all combined into you own customized dashboard.
- Basic monitoring
- Protocol analysis
- Live traffic maps
Other features include network security analysis, such as DoS/DDoS attack, worm activity, and ARP attack detection; packet decoding and information display; statistics on each host on network; and conversation monitoring and packet stream reconstruction.
Capsa Free supports all 32bit and 64bit versions of Windows XP, with a minimum of 2GB RAM and 2.8GHz CPU.
You will need NDIS 3 or higher compatible Ethernet, Fast Ethernet, or Gigabit with promiscuous mode driver- this mode lets it passively capture all packets on an Ethernet wire.
- Supports over 1800 protocols for monitoring
- Offers analysis for VoIP performance problems
- Insights automatically highlight potential attacks and abnormalities
- The interface can feel cluttered, especially when monitoring larger networks
6. Angry IP Scanner
Angry IP Scanner is a lightweight, open-source network scanner that is fast and easy to use. It does not require installation and can be used with Linux, Windows, and Mac OSX.
- Ping based
- Device discovery
- DNS resolution
It operates by simply pinging each IP address and can resolve host-name, determine MAC address, scan ports, provide NetBIOS information, determine logged-in user on Windows systems, web server detection, and more.
Its capabilities can be expanded with Java plugins. Data from scans can be saved to CSV, TXT, XML or IP-Port files. A very useful, portable network scanner.
- One of the easiest tools to use on the market
- Great for small networks and home use
- Can output in multiple formats, giving more flexibility than CLI tools
- Offers DNS and hostname metrics
- The interface doesn’t scale well on enterprise size networks
- Lacks graphing capabilities
Related Post: Best IP and Port Service Scanners
7. The Dude
Despite a name that brings images of someone sitting on the beach, avoiding work of any sort, and completely out of touch with the world, this application is, in fact, a popular and useful network monitor developed by MikroTik.
- Network discovery
- Topology mapping
- Live network monitoring
It automatically scans all devices and draws a map of the network. It monitors servers running on devices and alerts you in case of a problem.
Other features include auto-discovery and mapping of new devices, the ability for you to draw your own maps, provides you access to tools to remotely manage your devices, and more.
It runs on Windows, Linux Wine, and MacOS Darwine.
- Installs on Windows, Linux, and Mac
- Can ingest SNMP alerts, ICMP requests, and DNS queries, giving you a wide variety of log collection options
- Utilizes autodiscovery for network mapping and device identification
- Supports log forwarding to other servers or applications
- Not as lightweight as some other NetFlow analyzers
- The interface can be challenging to learn for new users
Related Post: Best Linux Network Monitor Software
8. Noction Flow Analyzer – FREE TRIAL
Noction Flow Analyzer collects network traffic data from switches and routers by using the major IP flow statistical protocols. These are:
NetFlow, developed by Cisco Systems is the most important of these as it was the first and all of the others are based on it. With these communication capabilities, the Flow Analyzer can get traffic data from practically any devices exporting flow, including ones produced by Netgear, Juniper Networks, Cisco Systems, Hewlett Packard Enterprise, Brocade, Extreme Networks, Dell, Arista, and Huawei.
- Live traffic monitoring
- Historical analysis
The monitoring package provides live traffic data displays, historical analysis of stored traffic data for capacity planning, and network performance monitoring with an alerting mechanism that gets triggered by arising problems.
- The ability to extract traffic statistics from a wide range of network device models
- Live traffic monitoring
- Live network performance monitoring
- Capacity planning analysis functions
- Alerts for network performance problems
- No version for Windows Server
Noction Flow Analyzer installs on Linux, specifically, Ubuntu, CentOS, and RHEL. You can get a free trial of the package.
Official site: https://www.noction.com/flow-analyzer
9. Plixer Scrutinizer
This full-featured traffic analysis tool provides you with the ability to comprehensively capture and analyze your network traffic and to find and stop errors quickly and efficiently.
- Performance and traffic monitoring
- Security monitoring
- NetFlow, sFlow, J-Flow, and IPFIX
With Scrutinizer, you can filter and drill down in nearly any way you can imagine, including time frame, host, application, protocol, and much more.
- Offers multiple deployment options
- Designed to support large enterprise networks
- Offers additional security-related traffic analysis features
- Uses a considerable amount of system resources
- Must reach out to sales for pricing
- Steeper learning curve than similar tools on the market
This extensive network system offers performance, traffic, and security monitoring and it also provides mapping and analysis functions.
Wireshark is a powerful network analyzer with features that rival other free or paid services. It is cross-platform and can run on Linux, Windows, MacOS X, Solaris, and other platforms. Wireshark lets you view captured data via a GUI, or you can use the TTY-mode TShark utility.
- Live packet capture
- Searching and filtering
- Packet content views
Its features include capture and analysis of VoIP traffic, show live data from Ethernet, IEEE 802.11, Bluetooth, USB, Frame Relay, and others, output data to XML, PostScript, CSV, or plain text, decryption support, and much more.
System requirements include Windows XP and up, any modern 64/32bit processor, 400MB available RAM, and 300MB disk space. Wireshark NetFlow Analyzer is a powerful, must-have tool for any network administrator’s toolkit.
- One of the most popular sniffer tools, with a massive community behind it
- Open-source project that adds new features and plugins
- Supports packet collection and analysis in the same program
- Has a steep learning curve, designed for network professionals
- Filtering can take time to learn, collects everything by default which can be overwhelming on large networks
nProbe by ntop is a full-featured open-source NetFlow capture and analysis application.
Although it may not have as many of the visual bells-and-whistles like those of other applications on this list, that does not mean it is lacking in any features or capabilities.
- Live traffic analysis
- VoIP quality of service
- NetFlow and IPFIX
The executable binary installation file limits data capture to 2000 packets. (It is completely free for universities, education users, and non-profit and research organizations.) nProbe will run on Linux and Windows 64bit OS platforms.
- Open source tool, highly customizable
- Supports multiple flow protocols
- Great option for Unix/MacOS
- Free options for education and non-profit organizations
- Has a steep learning curve, especially for non-technical users
- Fully functional version is behind a paywall
Some of these include support for IPv4 and IPv6, Cisco NetFlow v9/IPFIX, NetFlow-Lite support, VoIP traffic analysis, flow and packet sampling, generating logs of web, MySQL/Oracle and DNS activity, and many more features. The software is free if you download and compile on Linux or Windows (http://packages.ntop.org/).
This comprehensive list of 10 free NetFlow analyzers and collectors should give you the ability to quickly begin monitoring and troubleshooting your network, from a small office LAN to a large, multi-site enterprise WAN.
(Locate instructions on how to enable NetFlow for your respective devices within the documentation for the application you choose, or if not there, then on the manufacturer’s website.)
If your looking for an open-source variation, see our list of some here.
Each application gives you the ability to monitor and analyze traffic on your network, key to finding small errors before they turn into big ones, pinpoint bandwidth anomalies that can be indicative of security threats, visualize your network and its traffic flow, and much, much more.
What you can do with the data these Network Analyzers give you is limitless. A must-have piece of software for all network administrators.
NetFlow analyzer FAQs
What is a NetFlow analyzer?
A NetFlow analyzer is a monitor for network traffic. NetFlow is a protocol that was developed by Cisco to use on its network devices and enables remote querying of data. There have since been similar protocols developed for the same purpose. The term “NetFlow analyzer” is now a generic term for traffic monitors and those tools can usually communicate with network devices in many protocols, not just NetFlow.
Is NetFlow open source?
NetFlow is a proprietary standard owned by Cisco Systems. However, it is published and others can use the specification to develop software to communicate in the language. Cisco Systems participated in the development of IPFIX, which is an open standard that is maintained by the Internet Engineering Taskforce (IETF) and it supersedes NetFlow.
How do you use a NetFlow analyzer?
NetFlow analyzers are software packages and the usage instructions for each are different depending on which package you acquire. The NetFlow analyzer will be able to detect all devices on the network from its host. You will then have to enter access credentials for each device with which you want the system to communicate.
Top 10 Free Netflow Analyzers Rated and Reviewed - The winner takes all!