What is NetFlow?
NetFlow is a popular networking protocol created by Cisco for collecting IP traffic information and monitoring traffic on the network. By analyzing flow data, you can build a snapshot of network traffic flow and volume. With a NetFlow collector and analyzer, you can see where network traffic is coming from, where it is going, and how much traffic is being generated.
What is a NetFlow Collector?
Cisco routers, switches and other devices that have the NetFlow feature enabled generate NetFlow records. These records are exported from the device and gathered by a NetFlow collector. The collector then processes the data to perform the traffic analysis and present it in a user-friendly format. NetFlow collectors can take the form of hardware-based collectors (probes) or software-based collectors.
Most of the NetFlow software vendors listed below have instructions on how to enable NetFlow on various manufacturers' devices. Your device manufacturer's documentation should also have this information.
SolarWinds NetFlow Analyzer
One popular choice for collecting and managing NetFlow traffic data is the SolarWinds NetFlow Traffic Analyzer. The free NetFlow Traffic Analyzer from SolarWinds lets you sort, graph, and display data in various ways to visualize and analyze your network traffic. It is well suited to tasks such as viewing network traffic by type and over specified periods of time, and running tests to see how much bandwidth various applications consume. The free tool is limited to monitoring one NetFlow interface and keeps only 60 minutes of data. This NetFlow Analyzer from SolarWinds is a powerful tool that is definitely worth the download.
Colasoft Capsa Free
Colasoft Capsa Free allows you to identify and monitor specific protocols. Colasoft supports over 300 network protocols and allows you to create customizable reports. It includes email monitoring and a TCP timing sequence chart, all combined into your own customized dashboard.
Other features include network security analysis, such as DoS/DDoS attack, worm activity, and ARP attack detection; packet decoding and information display; statistics on each host on the network; and conversation monitoring and packet stream reconstruction. Capsa Free supports all 32-bit and 64-bit versions of Windows XP, with a minimum of 2GB RAM and a 2.8GHz CPU. You will need an NDIS 3 or higher compatible Ethernet, Fast Ethernet, or Gigabit adapter with a promiscuous mode driver; this mode lets it passively capture all packets on an Ethernet wire.
Wireshark
Wireshark is a powerful network analyzer with features that rival other free or paid services. It is cross-platform and can run on Linux, Windows, MacOS X, Solaris, and other platforms. Wireshark lets you view captured data via a GUI, or you can use the TTY-mode TShark utility.
Its features include capture and analysis of VoIP traffic; live data display from Ethernet, IEEE 802.11, Bluetooth, USB, Frame Relay, and others; data output to XML, PostScript, CSV, or plain text; decryption support; and much more. System requirements include Windows XP and up, any modern 64-bit or 32-bit processor, 400MB available RAM, and 300MB disk space. Wireshark NetFlow Analyzer is a powerful, must-have tool for any network administrator's toolkit.