NetFlow analysis is a powerful tool when it comes to analyzing and assessing your network, the ingress and egress traffic of a network, and bandwidth to and from a device.
In a nutshell, NetFlow is a technology developed by Cisco that can either be built into various network hardware devices or run in standalone appliance form, and that allows the collection and analysis of traffic to a specified network.
There are a variety of tools that can do this, some free and some commercially available. In this article we are going to share the best Open Source NetFlow Analyzers and Collectors, because they are free and often get you the results you want.
Best Open Source NetFlow Analyzers and Collectors:
Flowscan is different from some of the other tools in that it doesn’t actually collect data for later analysis but rather acts as a tool for visualizing NetFlow data.
For that reason, there is a slight delay, but once all of the information is in there, it does an awesome job displaying the NetFlow statistics.
Flowscan works best in GNU/Linux environments and requires Perl scripts for the visual aspects as well as a database component.
Although no longer under active support and updates, Cflowd is still a great option that does all the collection, storage and analysis of NetFlow data.
Don’t expect anything fancy; it’s just a straightforward tool that does what it needs to do.
Ntop works well in both Windows and UNIX environments and includes support for Cisco-specific NetFlow features and sFlow as well.
Ntop is a popular choice because the interface is completely web-based, which makes it easier to navigate and manipulate from several client machines.
“Extreme Happy NetFlow Tool.” If you didn’t know what EHNT stood for, now you do!
This is a solid open source choice because of its simple terminal interface that grabs NetFlow data and displays it in the easiest way possible.
Flow-tools and FlowViewer are often paired together and make an awesome Open Source network analyzer and collector tool.
They are also very easy, straightforward tools to help you visualize NetFlow statistics and data.
BPFT is not so much a standalone tool but more of an add-on.
It adds on to the libpcap library and uses the Berkeley Packet Filter (BPF) mechanism for capturing IP traffic to perform NetFlow analysis.
This tool also no longer has ongoing development, but it is still available and is still a decent, free Open Source option.
Panoptis uses NetFlow data and analysis to attempt to detect and stop DDoS-style attacks on networks.
As with any tool, you always want to be sure to assess the tool to make sure it works with your current systems and meets your needs.
For more complex environments with heavier traffic, it may be worth investing in a paid option.
Most of them offer free trials so that you can get a feel for the product before signing any contracts or payment terms.
However, you may find that one of these free Open Source options works for you, and that will save you money in return!