Netflow analyzer faq

NetFlow versus sFlow

sFlow can monitor L2-L7 headers; the ability to monitor L2 headers (MAC, VLAN ID) has been added to NetFlow v9.


Packet sampling is hardware based and is performed by switching ASICs, achieving wire-speed performance. This makes sFlow a scalable technology that is able to monitor links with speeds of up to 10 GBps.

sFlow datagrams are sent across the network continuously in real time, while the export of NetFlow records depends on active/inactive timers. It may take up to 30 minutes to export a flow when NetFlow is used. sFlow therefore offers better traffic visibility than NetFlow. This makes sFlow good at detecting massive DoS attacks, as the sampled network patterns are sent on the fly to the sFlow collector.

Nevertheless, measurements provided by sFlow are only an approximation of the real traffic, because sampled packets do not reflect all network traffic. As a result, sFlow lacks the accuracy provided by NetFlow, as it cannot track every network communication. That accuracy, however, is essential in digital forensics, so sFlow cannot fully qualify for forensic investigation.

Steps for Upgrade from BUILD 9900/10000/10100/10200 to BUILD 10250

Download the service pack from the link given below and follow the instructions:

NOTE: Ensure you are on BUILD 9900 or above, as the service pack can be applied only on top of this BUILD.

  1. Shut down NetFlow Analyzer. If NetFlow Analyzer is running as a service, stop the service also.
  2. Navigate to <NetFlow_Home troubleshooting>. Execute «rawCleanup.bat» for Windows and «rawCleanup.sh» for Linux.
  3. Copy the directory to a safe location. Note: This version involves a JRE upgrade. Please follow Step 4 without fail:
  4. Download the JRE upgrade pack by clicking on the relevant NetFlow installation and copy it to the (NetFlow\) directory. Note: To find the installation type, navigate to NetFlow_Home/jre/bin in a command prompt and execute java -version for Windows or ./java -version for Linux. If it is 64-bit, 64-bit will be displayed in the output; otherwise it is a 32-bit installation.
    • 32 Bit Windows OS
    • 64 Bit Windows OS
    • 32 Bit Linux OS
    • 64 Bit Linux OS
  5. Execute the UpdateManager.bat (.sh in case of Linux) file present in the /bin directory.
  6. From the window that pops up, click Browse and select the service pack you downloaded.
  7. Click Install to install the service pack. This may take several minutes depending on the amount of data that needs to be migrated.
  8. Wait until the service pack is fully installed.
  9. Click Close and then click Exit to exit the Update Manager tool.
  10. Start the NetFlow Analyzer service.

Effective Network traffic Monitoring using NetFlow

«It does an excellent job of accumulating our data flows so I can accurately research problems in the WAN/LAN. Since it only keeps the headers it is very efficient regarding storage. The groups work well to help fine tune Application performance.»

Dan Caluori, Teknor Apex

NetFlow Analyzer is a netflow monitoring tool which collects NetFlow packets or other supported flows exported from enterprise routers and switches, generating network traffic reports that help understand the nature of the network traffic and the bandwidth utilization, thus helpful in traffic analysis and bandwidth monitoring. NetFlow monitoring achieves a new level when a solution such as ManageEngine NetFlow Analyzer is aligned to Cisco technologies such as NetFlow, NBAR and CBQoS.

Apart from NetFlow data analysis and reporting, NetFlow Analyzer includes a lot of features that are useful in monitoring and reporting on the NetFlow data that is exported from several devices. These features offer a lot of benefits to enterprises as well as service providers.

NetFlow Analyzer Features

Faster troubleshooting

NetFlow monitoring software is not only about monitoring the network traffic; it is also a tool that helps network administrators troubleshoot faster. The ability to drill down into the interfaces and see the traffic, application, source, destination, conversation, etc. helps a network administrator gain in-depth visibility into the network traffic.

«It provides me with a near real time view of what is happening on our network and it greatly assists in diagnosing network issues»

Stuart Kett, SBS Bank

Validating QoS policies

Setting QoS policies has become the norm in enterprises to optimize the bandwidth utilized by specific applications. NetFlow Analyzer helps in monitoring and fine-tuning those policies in the routers to obtain better results.

Scheduled reports

Automation is the buzzword in the industry. Daily, weekly and monthly reports can be generated with NetFlow Analyzer. NetFlow monitoring comes with an edge when a network administrator has a tool that not only monitors netflow but also makes it possible to «outsource» mundane tasks such as periodic report generation to a tool.

Alert profiles

IP Grouping

Application Mapping

Monitoring applications using NetFlow has never been easier. NetFlow Analyzer lets you shown in bandwidth reports. Most enterprise applications such as Oracle, PeopleSoft, MSSQL, etc. are already supported, and you can add custom applications to the list of applications recognized. As a result, viewing bandwidth usage for applications specific to your enterprise is no longer a complex task.

Device Grouping

Categorize routers and switches exporting NetFlow or other supported flows into groups and monitor them exclusively. This feature is especially useful to service providers, who need to manage multiple networks as a single entity. User oriented features like these gives NetFlow Analyzer when it comes to NetFlow monitoring and traffic analysis of larger networks.

Role based access

NetFlow Analyzer lets you create any number of users depending on your own access permissions. This is especially useful for NOC and MSP administrators who need to provide customers with bandwidth usage reports and usage trends for their specific networks. Different roles such as administrator, guest and operator can be created, ensuring that netflow monitoring is done on a role based access.


Flexible Licensing

NetFlow Analyzer licensing allows you to decide which NetFlow devices you want to manage at any time. Such flexibility allows you to off-load the system during device maintenance periods, and use your license effectively for NetFlow monitoring.

Overall, NetFlow Analyzer provides a host of features that make managing NetFlow devices and monitoring NetFlow data a lot less complicated.


NetFlow Analyzer is a NetFlow, sFlow, JFLow (and more) collector and analyzing engine integrated together. NetFlow analyzer does not require any hardware probes and can be downloaded, used in your network environment and can be evaluated for 30 days. Go through the following useful links for better understanding of how NetFlow Analyzer can help you in understanding your network traffic and bandwidth utilization.

Differences between Netflow vs SFlow

Some of the key differences between Netflow and sFlow are highlighted in the table below:

|  | Netflow | sFlow |
|---|---|---|
| Available on Different hardware vendors? | No – Only available on Cisco Routers/Switches | Yes – Widespread use of sFlow has been adopted by various hardware vendors. |
| Packet Capturing | Not Supported | Partially Function – |
| Interface Counters | Not Supported | Fully Supported |
| Protocol Support: |  |  |
| IP/ICMP/UDP/TCP | Fully Supported | Fully Supported |
| Ethernet/802.3 | Not Supported | Fully Supported |
| Packet Headers | Not Supported | Fully Supported |
| IPX | Not Supported | Fully Supported |
| Appletalk | Not Supported | Fully Supported |
| Input/Output Interfaces | Fully Supported | Fully Supported |
| Input/Output Priority | Not Supported | Fully Supported |
| Input/Output VLAN | Not Supported | Fully Supported |
| Source & Destination Subnet/Prefix | Fully Supported | Fully Supported |
| Next hop | Fully Supported | Fully Supported |
| BGP 4 Information: |  |  |
| Source AS (Autonomous Sys.) | Partially Supported | Fully Supported |
| Source Peer AS (Autonomous Sys.) | Partially Supported | Fully Supported |
| Destination AS (Autonomous Sys.) | Partially Supported | Fully Supported |
| Destination Peer AS (Autonomous Sys.) | Partially Supported | Fully Supported |
| Communities | Not Supported | Fully Supported |
| AS Path | Not Supported | Fully Supported |
| Real-time Data Collection | Partially Supported | Fully Supported |
| Configure w/o SNMP? | Fully Supported | Fully Supported |
| Configure w/ SNMP? | Not Supported | Fully Supported |
| Scalability of Traffic Collecting/Analyzing | Not Supported | Fully Supported |
| Low Cost? | Cisco Hardware is Expensive | Open to Multiple Lower Cost hardware vendors. |
| Wire Speed Collection/Analysis | Partially Supported | Fully Supported |

Table via sFlow.org

As you can see, the features of sFlow outweigh those of Netflow by a fair margin, especially when it comes to large-scale analysis of flow traffic.

The scalability of sFlow in an enterprise environment allows for network-wide views of an infrastructure from a single location, giving you the ability to collect, store and analyze network traffic from thousands of network devices.

Nevertheless, if you are using Cisco equipment, including Switches, Firewalls and Routers, you are limited to using Netflow for traffic collection and such.

Netflow is also enabled on several other hardware vendor brands including 3com, Adtran, Juniper Networks, Riverbed, Enterasys Networks, Extreme Networks and Foundry Networks devices.

Cisco did not include netflow capabilities on network devices in the 2900, 3500, 3660, 3750 series.

Another added benefit of SFlow is the detailed information you can program to receive from each datagram, which includes information from Layers 2 through 7 of the OSI model.

Many of you may be thinking that this will add unnecessary overhead on the network, but because of how the sFlow Agent is designed and integrated into the hardware itself, you receive data at wire speeds without the worry of “clipping” under heavier loads.

Netflow will simply mirror all the traffic which could eventually cause a lot of network overhead.

As more network device hardware vendors come into the industry, sFlow and other Flow protocols will become more widely used since Netflow cannot be used with any device other than Cisco.

At the end of the day, the Netflow vs. sFlow debate is mainly focused on which hardware vendor you're planning on using and what kind of flow/traffic information you want to collect, monitor and analyze within your network.

IPFIX

Internet Protocol Flow Information Export (IPFIX) is a standard for exporting information about network flows from devices. It is derived from Cisco’s proprietary NetFlow v9. A metering process generates flow records by collecting data packets at an Observation Point, filtering them and aggregating information about these packets. Flow records are sent by the Exporting process running on the exporter as IPFIX messages encapsulated by layer 4 protocols (SCTP, UDP or TCP) to a collector. The messages are pushed to the collector without any interaction by the collector.

IPFIX can be used to export any traffic information from L2-L7 to a flow collector. It is a flexible protocol that supports variable-length fields. It allows collecting information such as the HTTP URL or host (e.g. facebook.com) as well as user-defined data types. For instance, syslog or SNMP data or even room temperature values can be continuously exported to the collector inside the IPFIX messages.

General

Sub-menu:

This section lists the configuration properties of Traffic-Flow.

Property Description
interfaces (string | all; Default: all) Names of those interfaces which will be used to gather statistics for traffic-flow. To specify more than one interface, separate them with a comma.
cache-entries (128k | 16k | 1k | 256k | 2k | … ; Default: 4k) Number of flows which can be in router’s memory simultaneously.
active-flow-timeout (time; Default: 30m) Maximum life-time of a flow.
inactive-flow-timeout (time; Default: 15s) How long to keep the flow active if it is idle. If a connection does not see any packet within this timeout, then traffic-flow will send the packet out as a new flow. If this timeout is too small, it can create a significant number of flows and overflow the buffer.

Note: Starting with the 6.0rc14 release, setting an interface will show RX and TX for the interface. Previously traffic-flow reported only RX traffic for the interface, and to see bidirectional data it was required to set up more interfaces.

NetFlow Analyzer 9.0

  • Wide Area Application Services

    Cisco’s Wide Area Application Services (WAAS) optimizes the performance of TCP-based applications in the WAN. NetFlow Analyzer interprets optimized data from WAAS Central Manager with netflow data to provide in-depth visibility into the optimization of WAN applications. It also reports on the complete distribution of applications optimized by any WAE in series with routers exporting netflow.

  • WAN Round Trip Time (RTT) Monitor

    WAN RTT (Round-Trip-Time) monitors link availability and round-trip time over links, with threshold violation alerts to ensure the best performance of WAN traffic at all times. Graph-based reports with information on packet loss, timeout and connection error, along with NetFlow statistics, help in the quickest ever troubleshooting of network issues.

  • Branch Office Monitoring

    Verify availability and up time of your links to branch offices using a combination of WAN RTT and NetFlow Analyzer’s IP Group. WAN RTT will measure connectivity from a source to an IP Group created with your branch IP Addresses, helping analyze not just link performance but also find the problem cause using conversation reports for the IP Group.

  • IPv6 Flow Format

    IPv6 Addressing support — Future ready network monitoring by supporting IPv6 flows data.

  • Capacity Planning Enhancements

    Application Growth Report in Capacity Planning — See the time wise split of top 10 applications used on your interfaces

  • Creating Alert Profile with IP Address as Criteria
  • Report Filter Enhancements
  • Option to map IP addresses to site names
  • Scheduling Options for Compare Reports and Report Profiles
  • Support for Radius server Authentication in MSSQL
  • Enhancements to Consolidated Reports
  • Network Snapshot Improved with Widget for Top N Alerts
  • String Search Option for IP groups
  • Custom Selection Option in Device Reports

MikroTik Netflow Monitoring


Austin Brooks


V9

  1. What is NetFlow Version 9? This format is flexible and extensible, which provides the versatility needed to support new fields and record types. This format accommodates new NetFlow-supported technologies such as NAT, MPLS, BGP next hop and Multicast. The main feature of the Version 9 export format is that it is template based.

What is the memory impact on the router due to V9? The memory used depends upon the data structures used to maintain template flowsets. As the implementation does not access the NetFlow cache directly the memory used is not very high.

«Receiving non V5/V7/V9 packets from the following devices: Click here for further details..» What does this mean? If you get this message on the user interface, it means that NetFlow packets with versions other than version 5/7/9, are being received by NetFlow Analyzer. Check your router settings to make sure that only version 5/7/9 NetFlow exports are being sent to NetFlow Analyzer. This is because NetFlow Analyzer supports only NetFlow version 5/7/9 exports.

Is version 9 backward compatible? Version 9 is not backward-compatible with Version 5 or Version 8. If you need Version 5 or Version 8, then you must configure Version 5 or Version 8.

What is the performance impact of V9? Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing.

What are the restrictions for V9? Version 9 allows for interleaving of various technologies. This means that you should configure Version 9 if you need data to be exported from various technologies (such as Multicast, DoS, IPv6, BGP next hop, and so on).

How do I configure NetFlow Version 9? Please refer to the following document for configuring NetFlow version 9: http://www.cisco.com/en/US/docs/ios/12_3/feature/gde/nfv9expf.html#wp1069837
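The template-based export described in this FAQ means a collector cannot parse a data flowset until it has seen the matching template. The decoder below is an added example, not code from NetFlow Analyzer or Cisco; the class, helper names and the sample packet are constructed for illustration, and the header and field-type numbers follow RFC 3954.

```python
import ipaddress
import struct

# Subset of NetFlow v9 field types from RFC 3954; unknown types stay raw bytes.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}


class V9Decoder:
    """Template-aware decoder (hypothetical class, not NetFlow Analyzer code)."""

    def __init__(self):
        # Template IDs are only unique per exporter and source ID.
        self.templates = {}   # (exporter, source_id, template_id) -> [(type, len)]
        self.skipped = 0      # data flowsets that arrived before their template

    def decode(self, exporter, packet):
        if len(packet) < 20:
            raise ValueError("packet shorter than the v9 header")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from(
            "!HHIIII", packet)
        if version != 9:
            raise ValueError(f"not NetFlow v9: version {version}")
        records, offset = [], 20
        while offset + 4 <= len(packet):
            set_id, set_len = struct.unpack_from("!HH", packet, offset)
            # Never trust the length field of a UDP datagram from the network.
            if set_len < 4 or offset + set_len > len(packet):
                raise ValueError("flowset length out of bounds")
            body = packet[offset + 4:offset + set_len]
            if set_id == 0:                       # template flowset
                self._learn(exporter, source_id, body)
            elif set_id > 255:                    # data flowset
                template = self.templates.get((exporter, source_id, set_id))
                if template is None:
                    self.skipped += 1             # cannot be parsed yet
                else:
                    records.extend(self._records(template, body))
            # set_id 1 (options template) is ignored in this example.
            offset += set_len
        return records

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > len(body):
                break                             # padding or truncated template
            fields = [struct.unpack_from("!HH", body, pos + 4 * i)
                      for i in range(nfields)]
            pos += 4 * nfields
            # Reject empty or zero-length templates so record size is never 0.
            if nfields and all(length > 0 for _, length in fields):
                self.templates[(exporter, source_id, tid)] = fields

    def _records(self, template, body):
        size = sum(length for _, length in template)
        out = []
        for start in range(0, len(body) - size + 1, size):   # tail is padding
            rec, pos = {}, start
            for ftype, length in template:
                raw = body[pos:pos + length]
                pos += length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in (8, 12) and length == 4:
                    rec[name] = str(ipaddress.IPv4Address(raw))
                elif ftype in FIELD_NAMES:
                    rec[name] = int.from_bytes(raw, "big")
                else:
                    rec[name] = raw
            out.append(rec)
        return out


def flowset(set_id, payload):
    """Wrap a payload in a flowset header, padded to a 4-byte boundary."""
    pad = -len(payload) % 4
    return struct.pack("!HH", set_id, 4 + len(payload) + pad) + payload + bytes(pad)


def build_packet(source_id, *flowsets):
    # The count field is filled with the flowset count; this decoder ignores it.
    return struct.pack("!HHIIII", 9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)


# Constructed sample: template 256 and one matching data record.
FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
TEMPLATE = flowset(0, struct.pack("!HH", 256, len(FIELDS))
                   + b"".join(struct.pack("!HH", t, n) for t, n in FIELDS))
DATA = flowset(256, ipaddress.IPv4Address("192.0.2.10").packed
               + ipaddress.IPv4Address("198.51.100.7").packed
               + struct.pack("!HHBII", 51515, 443, 6, 12, 3400))
```

A rising `skipped` counter for one exporter is a useful health signal: it means flow data is arriving that the collector cannot interpret, typically after a collector restart and before the exporter resends its templates.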

Diagram Analysis

Basic Concepts

Image Explanation
Starting point in the packet's way through the router facilities. When a packet is received, it will start its way from here.
Last point in the packet's way through the router facilities, just before the packet is actually sent out.
Intermediate interface where the packet continues to be processed through the device after decapsulation
Intermediate interface where the packet continues to be processed through the device before encapsulation
Last point in the packet's way to the router itself; after this the packet is discarded
Starting point for packets generated by the router itself

Configurable Facilities

Each facility in this section corresponds to one particular menu in RouterOS. Users are able to access those menus and configure these facilities directly.


Automated processes and decisions

Image Description
Checks if the actual input interface is a port for a bridge OR checks if the input interface is a bridge
Allows capturing traffic which otherwise would be discarded by connection tracking; this way our Hotspot feature is able to provide connectivity even if network settings are in a complete mess
The bridge goes through the MAC address table in order to find a match to the destination MAC address of the packet. When a match is found, the packet will be sent out via the corresponding bridge port. In case of no match, multiple copies of the packet will be created and the packet will be sent out via all bridge ports
This is a workaround that allows using «out-bridge-port» before the actual bridge decision.
The router goes through the route in order to find a match to the destination IP address of the packet. When a match is found, the packet will be sent out via the corresponding port or to the router itself. In case of no match, the packet will be discarded.
This is a workaround that allows setting up policy routing in the mangle chain output
Indicates the exact place where the Time To Live (TTL) of the routed packet is reduced by 1. If it becomes 0, the packet will be discarded
Self explanatory
Self explanatory
Checks if the actual output interface is a port for a bridge OR checks if the output interface is a bridge
Undoes all that was done by hotspot-in for the packets that are going back to the client.

Installation

  1. When I try to access the web interface, another web server comes up. How does this happen? During installation, NetFlow Analyzer checks if the selected port is in use by another application. If at that time, the other web server was down, it will not get detected. Either disable the other web server, change its server port, or change the NetFlow Analyzer web server port.

  2. How can I change the MySQL port in NetFlow Analyzer from 13310 to another port? Edit the mysql-ds.xml file in the /server/default/deploy directory. Change the port number in the line jdbc:mysql://localhost:13310/netflow to the desired port number, save the file, and restart the server.

  3. Can I install and run NetFlow Analyzer as a root user? NetFlow Analyzer can be installed and started as a root user, but all file permissions will be modified and later you cannot start the server as any other user.

  4. Is a database backup necessary, or does NetFlow Analyzer take care of this? (or) How do I back up data in NetFlow Analyzer? NetFlow Analyzer includes a database backup utility that you can use to make a backup of the database. There are 2 ways to back up:

    1. You can execute the script «backupdb.bat» / «backupdb.sh», which can be found under /adventnet/me/netflow/troubleshooting. This will create a backup of the database in zip format. When you want to restore, you have to extract the zip to the /adventnet/me/netflow directory. This is a slow process.
    2. Stop the NetFlow Analyzer service and copy both the Mysql and data folders under the $NETFLOW_HOME/ folder. In both of the above processes the version of NFA should be the same.
  5. How do I update a patch in Linux?

    Please use the command «sh UpdateManager.sh -c» and follow the instructions to upgrade NetFlow Analyzer.

NetFlow Analyzer 8.6

  • Capacity Planning Report

    «Capacity planning» helps you to understand the traffic trend over a period of time. This, in turn, helps you to predict the traffic growth in your network and whether the traffic growth is business-critical. Capacity plans allow you to make informed decisions about upgrading bandwidth pipes in your network.

  • Report Profiles

    Report profiles help you create custom reports as per your need. You can have as many profiles as you need. These reports are device specific. You can only view different reports for one device in one particular profile.

  • Top Sites

    This gives a list of applications and the various sites visited through these applications.

  • Compare report include 95th percentile

    You can see the 95th percentile data in the «compare reports». Standard deviation values have been added in this report.

  • Selection box for list of application
  • Compare report should include 1,5,15 min reports
  • Resolve NATED Addresses in ASA reports
  • Resizable columns
  • Configures CBQoS automatically for first 20 routers
  • Schedule Reports CSV option
  • Geo location PDF and CSV
  • Schedule Business hours for last month and week
  • Standard Deviation calculation in Traffic Report
  • Interface performance dashboard
  • Add custom URL widget in Dashboard

Flow Cache

The Flow Cache entry contains information about the Flow including the following:

  • Destination IP Addresses
  • Source IP Addresses
  • Destination Port Number
  • Source Port Number
  • Source interface
  • Layer 3 Protocol Type
  • ToS Byte (Type of Service byte, which takes into account the Precedence, Speed, Throughput Levels and Reliability)
  • Input Logical Interface (ifIndex) (The interface of the Router or Switch)

The packet is then routed out the destination interface. As subsequent packets that match an existing flow entry come into the router, the byte and packet counters keep incrementing with each additional datagram until the connection between the hosts involved in the flow is torn down.

So packets that enter the router without a matching flow entry are first checked to be routable and, if they’re accepted, they’re forwarded after a flow cache entry is made.

A Flow Cache can contain hundreds of thousands of entries and, in some cases, millions of entries.

When the flows expire, they’re exported off to the Netflow Collector, which will constantly analyze and archive the flows for future reference.
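The cache-and-expire behaviour described above, together with the active-flow-timeout (30m) and inactive-flow-timeout (15s) defaults from the traffic-flow property table, determines how long a collector waits before it sees a flow at all. The simulation below is an added example, not code from any exporter or from the original page; the class, the one-second clock and the two sample flows are constructed for illustration.

```python
from dataclasses import dataclass

ACTIVE_TIMEOUT = 30 * 60   # active-flow-timeout default on this page: 30m
INACTIVE_TIMEOUT = 15      # inactive-flow-timeout default on this page: 15s


@dataclass
class FlowEntry:
    first_seen: int
    last_seen: int
    packets: int = 0
    octets: int = 0


class FlowCache:
    """Toy exporter-side flow cache (hypothetical class for illustration)."""

    def __init__(self, active=ACTIVE_TIMEOUT, inactive=INACTIVE_TIMEOUT,
                 max_entries=4096):
        self.active, self.inactive, self.max_entries = active, inactive, max_entries
        self.entries = {}    # flow key -> FlowEntry
        self.exported = []   # (export_time, reason, key, packets, octets)

    def _export(self, now, reason, key):
        e = self.entries.pop(key)
        self.exported.append((now, reason, key, e.packets, e.octets))

    def expire(self, now):
        """Export flows whose inactive or active timer has run out."""
        for key, e in list(self.entries.items()):
            if now - e.last_seen >= self.inactive:
                self._export(now, "inactive", key)
            elif now - e.first_seen >= self.active:
                self._export(now, "active", key)

    def observe(self, now, key, size):
        """Account one packet, creating the cache entry on first sight."""
        if key not in self.entries:
            if len(self.entries) >= self.max_entries:
                # Cache full: export the least recently updated flow early.
                oldest = min(self.entries, key=lambda k: self.entries[k].last_seen)
                self._export(now, "cache-full", oldest)
            self.entries[key] = FlowEntry(first_seen=now, last_seen=now)
        e = self.entries[key]
        e.last_seen = now
        e.packets += 1
        e.octets += size


# Constructed traffic. Key order: src IP, dst IP, src port, dst port,
# L3 protocol, ToS byte, input ifIndex.
LONG = ("10.0.0.5", "203.0.113.9", 50000, 443, 6, 0, 1)   # a packet every 5 s for 45 min
SHORT = ("10.0.0.7", "10.0.0.53", 40000, 53, 17, 0, 1)    # single packet at t=2


def simulate(active=ACTIVE_TIMEOUT, inactive=INACTIVE_TIMEOUT):
    cache = FlowCache(active, inactive)
    for t in range(0, 2721):              # one-second clock, 45 min plus drain
        cache.expire(t)
        if t <= 2700 and t % 5 == 0:
            cache.observe(t, LONG, 1400)
        if t == 2:
            cache.observe(t, SHORT, 80)
    return cache.exported


def first_record_time(exported, key):
    """Seconds until the collector receives its first record for this flow."""
    return next(t for t, _reason, k, _p, _o in exported if k == key)
```

With the defaults the long transfer stays invisible to the collector for 1800 seconds; with `simulate(active=60)` its first record arrives after 60 seconds, at the cost of one record per minute instead of two records in total.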

The Netflow Collector can then provide details on things like the threats detected, the network topology and top interfaces, and graph those trends.

Netflow is used for finding bandwidth hogs, hunting down network threats, isolating application slowness issues and even for usage-based billing by some ISPs.

Netflow version 9, which is now an IETF standard known as IP Flow Information Export (IPFIX), is the new standard for transporting information from Switches and Routers to a Collector.

Many hardware vendors are now adopting IPFIX, which is the official standard for all flow technologies.

Both Netflow and IPFIX can be performed in hardware or software, they can be used to export information in real-time, right down to the second, and they can be used for both flow and packet sampling, much like SFLOW.

Best Netflow Generators for Simulating Flow Traffic for Testing/Troubleshooting:

Below you’ll find a quick description of each tool and software.

1.  Flow Tool (Best Choice)

Flow Tool Bundle is hands down one of the best flow traffic analyzers. It is a free tool that allows you to distribute, configure, and test your flow traffic.

  1. The SolarWinds NetFlow Replicator,
  2. SolarWinds NetFlow Generator
  3. SolarWinds NetFlow Configurator

With the NetFlow Replicator, you can configure devices to send traffic to multiple destinations, then replicate the same flow for analysis or security purposes. With the NetFlow Generator, you can simulate network flow data so you can test your configurations.

The Generator is really useful when testing complex network setups, like firewall rules or load balancers. Finally, with the NetFlow Configurator, you can remotely configure and activate NetFlow v5.

With Flow Tool Bundle you can do the following tasks:

  1. Test different configurations.
  2. Help troubleshoot certain issues by generating simulated flow traffic.
  3. Reproduce IP flow data to many destinations at the same time.
  4. Activate NetFlow and find bottlenecks.

Unlimited and 100% free.

2.  NetFlow Generator from Paessler


The software is deployed on a computer so that it can send NetFlow v5 packets to any target which is able to process the data. With NetFlow Generator you can create different traffic patterns and loads.

Thanks to its simple GUI, the tool is fairly easy to set up and use.  The GUI is divided into three panels, Flows, Collector, and Statistics. In the Flows section, you can define one or more sets of data flows. In the Collector section, you can define the target IP, TCP Port, and speed. In the Statistics section, you can view how much data was forwarded and to which target.

NetFlow Generator from Paessler works only on Windows Systems

3.  Flowalyzer from Plixer

It is a free toolkit capable of sending and receiving NetFlow and sFlow data. Flowalyzer is mainly used for testing Cisco devices or any NetFlow collector software. With this tool, you can ensure that the NetFlow configuration is right on both ends of the communication.

Although the application seems simple to install, you need advanced networking experience to set it up for the first time. The user interface is divided into tabs, each with a separate tool.

Flowalyzer provides you the following set of tools:

  1. NetFlow & sFlow Listen: Determine which device is sending the highest volume.
  2. NetFlow Generator: Create NetFlow data and find out whether the destination accepts flows.
  3. NetFlow & sFlow Configurator: Configure Cisco devices for exporting NetFlow data.
  4. NetFlow & sFlow Communicator: Test communication with Ping or Traceroute.
  5. SNMP Trender: Generate graphs for SNMP devices.

Ensure thorough traffic analysis with NetFlow

Bandwidth monitoring and traffic analysis

  • Monitor network bandwidth and traffic patterns at the level of an individual interface.
  • Drill down into interface-level data to identify traffic patterns and device performance.
  • Get real-time insight into your network bandwidth through one-minute reports.

Network forensics and security analysis

  • Detect a wide range of external and internal threats using Continuous Stream Mining Engine technology.
  • Track network anomalies through your network firewall.
  • Identify context-sensitive anomalies and zero-day vulnerabilities with NetFlow Analyzer.

Application monitoring and application traffic shaping

  • Recognize and classify non-standard applications that use your network resources with NetFlow Analyzer.
  • Reconfigure policies using traffic shaping via ACL or class-based policy to gain control over applications that require specific bandwidth.
  • NetFlow Analyzer uses Cisco NBAR to give you full visibility into application-layer (Layer 7) traffic and to recognize applications that use dynamic port numbers or hide behind known ports.

Capacity planning and billing

  • Make informed decisions on bandwidth growth using capacity planning reports.
  • Measure bandwidth growth over a period of time through long-term reporting.
  • Clear trends over long historical periods.
  • Generate on-demand bills for accounting and departmental chargeback.

Monitor voice, video and data effectively

  • Analyze IP service levels for network applications and services using the IP SLA monitor in NetFlow Analyzer.
  • Ensure a high level of data and voice communication quality using Cisco IP SLA technology.
  • Track key performance metrics of voice and data traffic.

Multi-vendor support and flow technologies

  • Collect and analyze flows from major devices such as Cisco, 3COM, Juniper, Foundry Networks, Hewlett-Packard, Extreme and other leading vendors.
  • Report on all major flow formats such as NetFlow, sFlow, cflow, J-Flow, FNF, IPFIX, NetStream, Appflow, etc.

NetFlow Analyzer 12.1

  • New easy-to-use web client for both editions: NetFlow Analyzer has made navigation between tabs even easier, with greater visibility and control over network data, making it more reliable and user friendly.
  • High Scalability: NetFlow Analyzer Essential & Enterprise edition (each collector) can now scale up to 100k flows/sec.
  • Network configuration manager add-on: an add-on to manage all configuration changes, along with change management and compliance management, has been added to both editions.
  • Tight integration with network management solution: This enhancement brings bigger benefits by letting you manage your entire network infrastructure with a single exe for all the available software, through very tight integration with ManageEngine OpManager.
  • Wireless LAN Controller monitoring: This feature is now available as an add-on to take control of your wireless APs and LANs for better management of enterprise bandwidth.
  • End User Bandwidth monitoring: Introduced as BETA, this feature monitors end users' bandwidth usage, which improves troubleshooting of excessive bandwidth usage.
  • Collaboration tool added: Group chat is now available free of cost to interact within teams and resolve/assign issues in a simpler way. Alerts can be discussed with the help of this tool.
  • Newly added settings for Network Mapping: Now you can create a visual view of network maps with the help of this setting, and add network devices and priority links to get the live status of your network links.

Instructions to apply Upgrade / Service Pack

The following instructions are for upgrading NetFlow Analyzer.

Note: Taking a backup is essential to revert to the existing build without any loss of data if the upgrade fails due to unexpected reasons.

  • Step 1: Shut down NetFlow Analyzer. (If NetFlow Analyzer is running as a service, stop the service also)
  • Step 2: Take a backup of the entire MySql and Data folder from under the directory to a safe location.

Steps to back up the database

MySQL/Postgres Database:

  • Stop NetFlow Analyzer Service.
  • Take a backup of the complete NetFlow folder.
  • Follow the steps to upgrade NetFlow Analyzer.

MSSQL Database:

  • Stop the NetFlow Service.
  • Take the backup of the data folder under NetFlow_Home directory.
  • Take a backup of the netflow database in MSSQL server using SQL Server Management Studio. Please refer to the link to take the backup in MSSQL.
  • Proceed with the upgrade steps.

For NetFlow Analyzer Enterprise Edition:

  • Stop NetFlow Analyzer Central and Collector Service.
  • Take a backup of the complete NetFlow folder on both the Central and Collector servers.
  • Proceed with the upgrade steps.
  • Step 3: Execute the UpdateManager.bat (.sh in case of Linux) file present in the /bin directory.
  • Step 4: Click Browse and select the appropriate service/upgrade pack (see the table above) you downloaded.
  • Step 5: Click Install to install the service pack. This may take several minutes depending on the amount of data that needs to be migrated.
  • Step 6: Wait until the service pack is fully installed.
  • Step 7: Click Close and then click Exit to exit the Update Manager tool.
  • Step 8: Start the NetFlow Analyzer server.

NetStream

NetStream is a NetFlow equivalent from Huawei. NetStream infrastructure consists of:

  • NetStream data exporter (NDE)
  • NetStream collector (NSC)
  • NetStream data analyzer (NDA)

Note:  NSC and NDA are typically integrated into one server.

The NDE samples packets in order to reduce the impact on device performance. For instance, when NDE is set to packet-based random sampling, the NDE randomly samples a packet from a specified number of packets transmitted. If the number of packets is set to 100, the NDE randomly samples a packet from every 100 packets.

Note: IPv4 NetStream defines a flow based on seven criteria, just like NetFlow, so packets with the same 7-tuple information are marked as one flow.

Flow records are stored in the NetStream cache on the NDE. When a NetStream flow is aged out, the NDE exports flow statistics from the cache to the NSC using NetStream packets. Similar to NetFlow, NetStream flows are aged out based on active and inactive timers. When an RST or FIN flag is received, the flow in question is immediately aged out from the cache as well. Also, when bytes aging mode is enabled, the NDE ages out the flow once the upper byte limit is reached.

NDE periodically exports flow statistics to NSC. NSC collects and parses packets from multiple NDEs and stores them to the database.

NDA is a traffic analysis tool. It extracts statistics from NSC, processes statistics, and generates a report. The report can be used for traffic accounting, network planning, and attack monitoring.

Conclusion:

It is important to mention that all of these technologies (NetFlow, sFlow, etc.) have their strengths and weaknesses in terms of scalability, performance, accuracy and protocol coverage in the estimation of network traffic parameters. But what is equally or more important for network professionals is the quality, versatility, power and ease of use of the traffic analysis applications that actually analyze the collected flow / packet information and present engineers with readable data and reports.

NetFlow Record is Created

There are hundreds of thousands of flows recorded in the NetFlow cache. Flows do not live in the cache forever; instead, they are exported from the cache to a flow collector on a regular basis. A flow is exported when it is inactive for a certain time, e.g. when no new packets are received for the flow. By default, the inactive flow timer is set to 15 seconds. The flow is also exported when it is long-lived (active) and lasts longer than the active timer. By default, the active timer is set to 30 minutes. For instance, a large file download that lasts longer than 30 minutes may be broken into multiple flows. It is the role of the flow collector to combine these flows to show the total download.
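The aging rules described above for NetStream and NetFlow (inactive timer, active timer, FIN/RST) and the collector's job of recombining split flows can be modelled in a short simulation. This is an added example, not code from the page or from any vendor; the class and function names, the packet-driven expiry check and the sample traffic are assumptions, and bytes-based aging is left out.

```python
from collections import defaultdict

INACTIVE_TIMEOUT = 15       # seconds, default inactive timer stated on the page
ACTIVE_TIMEOUT = 30 * 60    # seconds, default active timer stated on the page
TCP_FIN, TCP_RST = 0x01, 0x04

class FlowCache:
    """Toy exporter cache keyed by the 7-tuple (hypothetical model, not vendor code)."""
    def __init__(self):
        self.flows = {}     # key -> live record
        self.exported = []  # (key, record) pairs handed to the collector

    def _export(self, key, reason):
        rec = self.flows.pop(key)
        rec["reason"] = reason
        self.exported.append((key, rec))

    def expire(self, now):
        """Age out flows whose inactive or active timer has elapsed at `now`."""
        for key, rec in list(self.flows.items()):
            if now - rec["last"] >= INACTIVE_TIMEOUT:
                self._export(key, "inactive")
            elif now - rec["first"] >= ACTIVE_TIMEOUT:
                self._export(key, "active")

    def packet(self, now, key, size, tcp_flags=0):
        self.expire(now)  # assumption: expiry is checked on every packet arrival
        rec = self.flows.setdefault(key, {"first": now, "last": now, "bytes": 0, "pkts": 0})
        rec["last"] = now
        rec["bytes"] += size
        rec["pkts"] += 1
        if tcp_flags & (TCP_FIN | TCP_RST):
            self._export(key, "tcp-end")  # FIN/RST ages the flow out immediately

def stitch(exported):
    """Collector side: sum all records that share a 7-tuple into one total."""
    totals = defaultdict(lambda: {"bytes": 0, "pkts": 0, "records": 0})
    for key, rec in exported:
        totals[key]["bytes"] += rec["bytes"]
        totals[key]["pkts"] += rec["pkts"]
        totals[key]["records"] += 1
    return dict(totals)

def demo():
    # Constructed input: a 40-minute download, one packet every 10 s, ending with FIN.
    # Key fields: src IP, dst IP, src port, dst port, protocol, ToS, input interface.
    key = ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, 1)
    cache = FlowCache()
    for t in range(0, 2400, 10):
        cache.packet(t, key, 1500)
    cache.packet(2400, key, 1500, TCP_FIN)
    return cache.exported, stitch(cache.exported)
```

The download is exported as two records (one cut by the active timer, one closed by FIN), and only the stitched total reflects the full transfer.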

