Looking for free open source NetFlow analyzers for Windows, Linux or Unix? Look no further: we’ve compiled the ultimate list of open source tools to help with your network monitoring tasks. As many of you already know, NetFlow is a protocol/standard developed by Cisco for collecting, transferring and analyzing network data, so that software packages can give you a better understanding of what is happening on your network, along with further analysis of bandwidth usage, etc.
NetFlow allows administrators to take the processing of network data away from switches and routers: the device sends flow packets and information to a collector, which analyzes that data, freeing up resources on the network device itself.
There are many commercial NetFlow (or sFlow, jFlow, rflow, cflow, or NetStream) analyzers that are available for free download and use, which we’ve recently detailed in this post. These software packages are great if you are just getting into network analysis using NetFlow, as they are designed to be very user friendly and can be set up in relatively little time. Check them out if you want to see what they’re all about.
On the other hand, if you’re looking for an open source alternative, you’re in luck. We’ve put together a large list of free open source NetFlow analyzers/collectors to help you collect, analyze and scrutinize traffic and bandwidth, so you can keep track of what’s going on in your network.
Using an open source network analyzer/collector gives you the flexibility to customize the software packages and reports as you wish. These software packages can be used on a wide variety of operating systems, including Windows and Linux/Unix.
Open Source Netflow Tools/Analyzers
NTop (or Ntopng)
Probably the best-known open source traffic analyzer, Ntop is a web-based tool that runs on Ubuntu x64 versions, CentOS/Red Hat x64 Linux flavors, Windows x64 operating systems, BeagleBoard ARM, Ubiquiti Networks EdgeRouter and even Mac OS X, per their GitHub site. ntopng also includes support for sFlow and IPFIX (through the nProbe add-on), as it’s becoming a new standard that many manufacturers are using for flow analysis. RRD is used as the database for storing data on a per-host level.
Flow-tools is a toolset that can be used to collect, send, process and generate reports for NetFlow data flows, and it provides an API for developing custom features and applications. Flow-tools is hosted at http://flow-tools.googlecode.com.
FlowScan is more of a visualization tool that analyzes and reports NetFlow data and can produce visual graphs in “near” real time to show what’s going on in your network. FlowScan can be deployed on a GNU/Linux or BSD system and uses the following packages to collect and process flows: “cflowd” as the flow collector; “flowscan”, a Perl script that makes up the software package itself (“FlowScan”) and is responsible for loading and executing reports; and the last major component, “RRDtool”, which is used to store all flow information in its database.
EHNT (which is pronounced “ent”) is an acronym for Extreme Happy NetFlow Tool. This is a command-line tool that supports NetFlow version 5 only. It provides reports for intervals between 1 min and 24 hrs, with information about IP protocols, TCP/UDP ports and more.
(which stands for Berkeley Packet Filter Traffic collector) is built on top of the BPF “pseudo-device” and libpcap for capturing IP traffic, including source/destination IPs and ports and the number of transmitted/received bytes, which are all stored in one compact binary file.
Maji is an implementation of an IPFIX meter based on libtrace, a packet capturing and processing library. Maji seems to have an array of information per their website, and the latest release was from 07/2011. One of the major benefits of Maji is that you can develop custom templates with as many elements included in them as you want, and they can be exported over the network via SCTP/TCP/UDP, to a SQLite database, or to the terminal.
cflowd is a tool made for analyzing NetFlow-enabled devices and includes modules for collecting, storing and analyzing NetFlow data. Apparently cflowd is no longer being supported per their website, which directs users to flow-tools with FlowScan in order to take advantage of cflowd and its modules.
AnonTool is more of an anonymization tool, for NetFlow v5 and v9 traces.
According to the SourceForge page, this project is no longer being developed or supported. It was an open source project that used NetFlow data to help detect and stop (Distributed) Denial of Service attacks. Because it is no longer supported or updated, use it at your own risk. Check out their SourceForge page for more information and a download link.
pmGraph is a great open source tool for graphing and monitoring bandwidth using pmacct, which is a network monitoring and auditing tool. pmacct collects and monitors traffic using NetFlow or sFlow on network devices (including firewalls, routers and switches), stores it in a database, and allows for analysis of that data using pmGraph. The software was developed by Aptivate staff and volunteers and looks to still be active.
sFlow toolkit is an open source software package that is used for analyzing sFlow data and can be used with other utilities, including tcpdump, ntop and Snort, for further analysis. “sflowtool” is the main component of the sFlow toolkit and is a command-line utility that gives you the ability to view network device traffic in real time and interface with other software packages for mapping out graphical images of IP flow. sflowtool is also available for Windows, per their website.
NDSAD, which stands for NetUP’s Data Stream Accounting Daemon, was developed by NetUP as a tool to capture packets and generate NetFlow v5 data streams, and was specifically used for ISP billing purposes. The software still seems to be supported as well.
NfSen, which is short for Netflow Sensor, is a web-based front-end tool for nfdump that presents the user with a nice graphical view of all the data nfdump pumps out. You can generate reports of your NetFlow data with information including flows, packets and bytes using the RRD database tool, as well as set up alerts and view historical data. The NfSen project is still very active, can be downloaded from its SourceForge page, and runs on any Unix/Linux system. You’ll need PHP, Perl (along with the Perl Mail::Header and Mail::Internet modules), the RRD Tools module and the nfdump tools installed on your system in order to use it correctly.
If you’re not convinced that you’ve found an open source NetFlow analyzer that will suit your needs, due to either your skill level or your understanding of Unix/Linux systems, you can always try one of the free NetFlow software packages that we’ve recently reviewed, which work on Windows systems.
Most, if not all, of those downloads are free and can be set up and used very quickly. Some of them also offer pro versions of the software that can be had for very little investment. Check them out and let us know what you think.