NetFlow monitoring & analysis made easy with PRTG
A single solution to analyze your bandwidth & traffic
- Get a comprehensive overview of your network
- In-depth traffic and performance analysis
- Maximize network uptime and prevent overloads
- All different NetFlow versions & flow protocols supported
Why choose PRTG NetFlow monitor
- NetFlow monitoring: 4 reasons why you should consider PRTG
- Preconfigured PRTG sensors for NetFlow analysis
- 3 use cases of our NetFlow analyzer PRTG
- Network traffic monitoring comparison: NetFlow, SNMP, packet sniffing
- NetFlow monitoring for virtual environments
- NetFlow collector vs. NetFlow analyzer: Why using a single tool like PRTG is ideal
- NetFlow monitoring: FAQ
What is NetFlow?
NetFlow is a protocol for collecting, aggregating and recording traffic flow data in a network. NetFlow data provide a more granular view of how bandwidth and network traffic are being used than other monitoring solutions, such as SNMP. Read more
NetFlow monitoring: 4 reasons why you should consider PRTG
NetFlow monitoring lets you analyze your network traffic and get a picture of network traffic flow. This can help you understand which process, user, or application might cause speed problems or network outages.
Analyze your network traffic
Our NetFlow monitoring tool PRTG lets you analyze and monitor your bandwidth and determine, for example, the amount of traffic caused by IP addresses , protocols, or programs. To carry out such an analysis, configure your routers in a way that flow packets are sent to a PRTG server or a computer that has a PRTG remote probe installed.
Benefit from high efficiency & scalability
NetFlow puts only little strain on your CPU and is especially adapted for networks with heavy data traffic. With its flexible licensing model, PRTG is easy to adapt to changing network demands.
Automatic, customizable alerts included
PRTG automatically alerts you by SMS, email, push notification, or many other customizable notification methods when threshold values are exceeded. Notifications sent by PRTG reach you wherever you are – even while on the go.
Visualize data on easy-to-read dashboards
PRTG displays your network traffic data on highly customizable, easy-to-read dashboards and maps . As a cross-manufacturer monitoring software, PRTG eliminates the need to juggle a number of different software solutions – just combine your NetFlow monitoring with data from all other devices in your IT infrastructure and visualize them the way you need.
Preconfigured PRTG sensors for NetFlow analysis
How PRTG defines sensors
In PRTG, “sensors” are the basic monitoring elements. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive. On average you need about 5-10 sensors per device or one sensor per switch port.
Use our built-in PRTG sensors for NetFlow monitoring that come with every PRTG license out of the box. Each sensor lets you break down traffic into the top talkers, top connections, and top protocols in your network to find out which device is using up your bandwidth.
NetFlow v5 sensors
NetFlow v9 sensors
What NetFlow analysis looks like in PRTG
Get a comprehensive and real-time view of your network traffic as well as a quick overview if everything is running smoothly in your network. PRTG also provides historical traffic data, enabling you to track long-term trends and identify potential performance and security issues.
PRTG is compatible with all major vendors and manufacturers
3 use cases of our NetFlow analyzer PRTG
With PRTG, you can easily detect, for example, if your switches are not equipped to handle the quantity of data that passes them – before they become completely overloaded.
What’s more: should these switches actually overload during a backup , for example, PRTG helps you to quickly find the root cause of the issue.
Identify bandwidth hogs
Different sources like individual users, programs, or specific data often use disproportionately high amounts of bandwidth. With NetFlow monitoring, you can break down traffic, for example, by IP address and this way discover bandwidth hogs real quick.
Spot load peaks early
Many companies experience fluctuations regarding access to various websites or applications that are used internally. Define your own warning and error thresholds so that PRTG can alert you as early as possible if values are exceeded – ideally, before the performance of your system goes down.
Avoid backup overloads
Thorough backups can lead to problems for the entire network. Such issues are frequently the result of individual routers or switches that overload during the backup and thwart the entire network. Use NetFlow monitoring to find the root cause of a problem and troubleshoot the issue quickly to optimize your network in the best way possible.
PRTG provides other flow sensors with which you can monitor your chat protocols, Citrix, FTP, email, and other traffic.
Network traffic monitoring comparison:
NetFlow, SNMP, packet sniffing
The Simple Network Management Protocol is extremely popular and offers an easy way to read device data. SNMP monitoring provides you with deeper insights into, for example, bandwidth and CPU usage, or the temperature of your hardware, but also into your network traffic.
For more detailed information on your network traffic and bandwidth usage, use packet sniffing to take a closer look at the packets passing through individual routers or switches. This technology only analyzes the header traffic.
NetFlow is a protocol supported by Cisco hardware. You therefore need a monitoring solution as well as hardware that supports NetFlow. This technology lets you analyze your network traffic in detail without putting much strain on your network.
Your NetFlow monitoring at a glance – even on the go
PRTG is set up in a matter of minutes and can be used on a wide variety of mobile devices.
NetFlow monitoring for virtual environments
VMware uses NetFlow technology in the "vSphere Distributed Switches (vDS)" product line. These virtual switches connect the virtual network cards of virtual machines (VMs) to the network by way of the hosts’ physical network cards. VMware integrates NetFlow for these virtual switches.
Virtual NetFlow monitoring with PRTG
Set up NetFlow in the VMware vCenter and configure it in such a way that these flows are sent to PRTG, where a corresponding flow sensor monitors and displays the data. As long as the correct NetFlow version is used, it will make no difference to PRTG where the flows come from.
NetFlow collector vs. NetFlow analyzer: Why using a single tool like PRTG is ideal
What are the best NetFlow tools?
Many tools can collect and analyze flow data. When choosing a tool, you should consider your needs, and the extent to which you would like to analyze your data. It might also make sense to use several different tools concurrently. We have found, for example, that many administrators use Wireshark in addition to PRTG. Thanks to its flow monitoring, PRTG can give you an overall picture while allowing you to rule out possible causes of network problems. Wireshark, on the other hand, offers a detailed look at individual data packets.
What is a NetFlow collector?
A NetFlow collector captures, saves, and processes NetFlow data. Some of these tools are more effective than others at providing in-depth data analysis. Many administrators, however, use one single tool like PRTG to perform the functions of both NetFlow collectors and NetFlow analyzers.
What is a NetFlow analyzer?
With a NetFlow analyzer, you not only capture flow data but also perform an in-depth analysis of this data. PRTG is both a NetFlow collector and a NetFlow analyzer. It captures and processes NetFlow data and shows this data on easy-to-read dashboards.
PRTG uses so-called toplists to display top talkers, top connections, and top protocols, and lets you drill down into the collected data for further analysis.
What are the advantages of using a single tool for NetFlow traffic collection and analysis?
Using a single tool like PRTG for NetFlow data collection and analysis can be more efficient and cost-effective than using two separate tools. A single tool usually provides a unified interface for both tasks, making it easier to navigate and use.
Additionally, having one tool for both tasks can reduce the complexity and maintenance required for the system, as there is only one set of software to update and troubleshoot.
Furthermore, using only one tool can ensure consistency in data collection and analysis, reducing the risk of errors or discrepancies between the two separate tools.
Which NetFlow collectors and analyzers are available for Windows?
PRTG is a NetFlow collector and analyzer that runs on Windows. As our focus has always been on Windows systems, we have acquired quite a bit of expertise in the area of NetFlow monitoring with Windows. It also uses technologies that enable you to monitor non-Windows operating systems.
NetFlow analyzer download: free or professional?
Many administrators wonder if there is an effective, free NetFlow analysis tool on the market, or if they should consider using a professional one. PRTG comes with 100 free sensors for life. And if you decide to expand your monitoring in the future, you can purchase a professional license at any time.
“Cisco has continuously developed the NetFlow technology. Administrators must therefore find out beforehand which NetFlow version is supported by their routers and switches. With the right PRTG sensors, setting up NetFlow monitoring is quick and easy.” Gerald Schoch, release manager at Paessler AG
Practical tip: “Hey Gerald, what would you tell administrators looking to use PRTG as a NetFlow Analyzer?”
“Cisco has continuously developed the NetFlow technology. Administrators must therefore find out beforehand which NetFlow version is supported by their routers and switches. With the right PRTG sensors, setting up NetFlow monitoring is quick and easy.”
Gerald Schoch, release manager at Paessler AG
PRTG: The multi-tool for sysadminsAdapt PRTG individually and dynamically to your needs and rely on a strong API:
- HTTP API: Access monitoring data and manipulate monitoring objects via HTTP requests
- Custom sensors: Create your own PRTG sensors for customized monitoring
- Custom notifications: Create your own notifications and send action triggers to external systems
- REST Custom sensor: Monitor almost everything that provides data in XML or JSON format
“Easy to implement and configure with good technical support.”
R. v. S., ICT Manager at Heinen & Hopman Eng BV
Create innovative solutions with Paessler’s IT partners
Partnering with innovative IT vendors, Paessler unleashes synergies to create
new and additional benefits for joined customers.
PRTG makes your job easier
Our monitoring software frees you to focus on other tasks by promptly notifying you of potential issues.
PRTG gives you one central monitoring tool for your servers and entire network. Enjoy a quick overview of your whole infrastructure via our dashboard and app.
Getting started with PRTG is a breeze. Setting up or switching from another network monitoring tool is easy thanks to the auto-discovery and pre-configured device templates.
We asked: would you recommend PRTG?
Over 95% of our customers say yes!
Paessler AG conducted trials in over 600 IT departments worldwide to tune its network monitoring software closer to the needs of sysadmins.
The result of the survey: over 95% of the participants would recommend PRTG – or already have.
“First, PRTG gives us the insight we need, telling us what is happening across our global network at any given moment. Second, the improved insight has increased our availability.“
Jonathan Hoppe, Co-Founder of Total Uptime // Read case study
NetFlow monitoring: FAQ
NetFlow is a protocol for collecting, aggregating, and recording traffic flow data in a network. NetFlow data provides a more granular view of how bandwidth and network traffic are used than other network protocols such as SNMP.
NetFlow was developed by Cisco. It is natively integrated into Cisco’s IOS software that runs on Cisco routers and switches. Many other hardware manufacturers either support NetFlow or use alternative flow technologies such as jFlow or sFlow.
Creating a flow
A flow is a way of grouping a unidirectional stream of packets into a specific set. These sets can be configured based on matching attributes in each packet, including:
- IP source
- IP destination
- Source port
- Destination port
- Class of Service
- Layer 3 protocol type
As each packet is forwarded, the respective attributes are examined. A flow is generated by the first packet passing through the standard switching path. Each additional packet with the same parameters (source and destination IP addresses, source and destination port, class of service) is grouped into a single flow. Any variation in the value of any one of the parameters creates a new flow.
Monitoring and grouping every packet forwarded by a router or switch generates a lot of data. This data is condensed into a database within the network device called the NetFlow cache. A flow record is kept for each active flow. Data is expired and then exported from the cache to a NetFlow collector server at regular intervals based on flow timers.
Flows are grouped for export into a NetFlow Export datagram. Each datagram consists of up to 30 flows. According to Cisco, standard NetFlow exports use about 1.5 percent of the total analyzed switched traffic.
The NetFlow v9 record is template based. The record format is defined by a packet header, followed by at least one template FlowSet and data FlowSet. The template FlowSet provides a description of what data comes with the data FlowSets.
NetFlow data is periodically reported to a NetFlow collector. The collector is a different server or computer that runs a NetFlow receiver software which is designed to gather, record, filter, and analyze the resulting flows. The collector software must support the same NetFlow version as the exporting server.
NetFlow datagrams are exported using the User Datagram Protocol (UDP). The IP address of the collector and the destination port must be configured on the router or switch itself. In some cases, SNMP can be used to turn on NetFlow and configure the collector’s IP address to send the data to.
It is possible to access some NetFlow data via SNMP using the NetFlow MIB. While not designed to be a replacement for NetFlow export, it does offer a way to gain access to NetFlow data in a different way. The available data includes the number of flows, the flows per second, and packets or bytes per flow.
Here you can see the NetFlow Top Talkers command, which lists the largest packet and byte consumers of the network. Before you can use the Top Talkers command, you need to configure it:
The top 10 talkers in a network sorted by packets, for example, can be seen here:
R3#show ip flow top-talkers
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et1/0 172.16.10.2 Et0/0 172.16.1.84 06 0087 0087 2100
Et1/0 172.16.10.2 Et0/0 172.16.1.85 06 0089 0089 1892
Et1/0 172.16.10.2 Et0/0 172.16.1.86 06 0185 0185 1762
Et1/0 172.16.10.2 Et0/0 172.16.1.86 06 00B3 00B3 2
Et1/0 172.16.10.2 Et0/0 172.16.1.84 06 0050 0050 1
Et1/0 172.16.10.2 Et0/0 172.16.1.85 06 0050 0050 1
7 of 10 top talkers shown. 7 flows processed.
Network, user and application monitoring
The most obvious use for NetFlow is network monitoring. NetFlow data provides detailed bandwidth usage information that can be broken down, for example, by user, client system, time, or application. The respective data arrives at the NetFlow collector almost in real time.
As a single computer or service that uses a sufficiently large amount of bandwidth can affect network performance for other users, monitoring traffic patterns, user patterns, and application patterns can alert an administrator to potential issues before they happen. This provides a valuable troubleshooting resource.
Capturing NetFlow data over longer periods of time and analyzing trends found within the data provides an opportunity to know in advance what the network requires. Perhaps various applications running at the end of the month generate additional traffic that affects network performance. In that case, other high-bandwidth activities can be scheduled at different times of the month to prevent bottlenecks.
Furthermore, NetFlow data can help determine when traffic growth is actually becoming too high for the current hardware to handle. This offers plenty of time to purchase, install, and configure additional or faster routers and switches.
Usage-based billing and reporting
With its ability to identify specific traffic streams (including where they originated and which applications triggered them), NetFlow data can be analyzed to see how much of the network is used by specific users, groups, or applications. With such detailed data, it is easy to adjust billing rates based on the time of day, application usage, or total bandwidth.
NetFlow can help with network security as well. If a user suddenly generates large amounts of traffic that they usually not require for their job, perhaps their account has been compromised. NetFlow data quickly reveals anomalies in network traffic, whether it’s a worm trying to spread, malware trying to contact a control server, or a disgruntled employee copying sensitive company data.
While the overall traffic generated by NetFlow is relatively low, it is important to locate the NetFlow collectors strategically to avoid sending data via expensive connections or via connections that can’t handle additional traffic. Local data collection works best for most environments.
Still not convinced?
More than 500,000
sysadmins love PRTG
Paessler PRTG is used by companies of all sizes. Sysadmins love PRTG because it makes their job a whole lot easier.
Monitor your entire IT infrastructure
Bandwidth, servers, virtual environments, websites, VoIP services – PRTG keeps an eye on your entire network.
Try Paessler PRTG
Everyone has different monitoring needs. That’s why we let you try PRTG for free.
|Network Monitoring Software - Version 22.214.171.1243 (September 20th, 2023)|
|Download for Windows and cloud-based version PRTG Hosted Monitor available|
|English, German, Spanish, French, Portuguese, Dutch, Russian, Japanese, and Simplified Chinese|
|Up to 100 sensors for free (Price List)|
|Network devices, bandwidth, servers, applications, virtual environments, remote systems, IoT, and more|
Supported Vendors & Applications