Flow collection and analysis
mel at beckman.org
Tue Jan 25 16:44:49 UTC 2022
We use, depending on the situation, Intermapper, PRTG, and NTop.
Intermapper has the most powerful viewing app, but it’s expensive in that you have to pay for each flow collector. It’s an actual app (Windows, Mac, and Linux), rather than a web-based interface, so they can do more tricks with the GUI, like drill down and sorting.
PRTG includes its web-based flow collector and viewer for free, and there is even a free 100-sensor edition of the product that lets you use just the flow stuff for free forever.
NTop is an open source web-based flow sensor and viewer, with a combo paid license model specifically for the flow collection. It connects directly to a mirror port and sucks up the flow info, whereas the other products require you to have some hardware device that exports flows. But you can get dirt cheap used Cisco routers that do this, such as the 1941, which although bulky do the job for a few hundred bucks. Once you get into 10 Gb speeds, though, you need dedicated hardware sensors in newer gear, which is pretty pricey. But if you have 10 Gb traffic you can afford it :-)
Ntop also has a commercial arm called Nbox, which has a range of hardware-based, ready-to-go solutions. However, it’s all supported out of Italy, and pretty much by one guy, so we’ve had uneven results with customers that purchased it.
> On Jan 25, 2022, at 8:30 AM, Laura Smith via NANOG <nanog at nanog.org> wrote:
> On Tuesday, January 25th, 2022 at 15:46, David Bass <davidbass570 at gmail.com> wrote:
>> Wondering what others in the small to medium sized networks out there are using these days for netflow data collection, and your opinion on the tool?
> Not a suggestion, but a question ....
> Curious to know if anyone (apart from Cloudflare, obvs !) is using Goflow ? (https://github.com/cloudflare/goflow)