Free or Paid NetFlow Analyzer?


Let's say you are a network admin responsible for managing a growing or distributed network. You need more in-depth monitoring of your traffic and events, and the first decision to make is which type of tool you would like to use.

This looks like a simple thing to do, but on closer inspection it can become a tougher choice. There is a vast number of vendors, licensing models and advertisements, and all that noise can leave you feeling overwhelmed and agitated. We will try to help by presenting the key advantages of typical free and paid solutions, so you can make a more balanced decision about which one is more suitable for your needs.

  • No license and support fees
  • Dependent software (e.g. database, application server, etc.) is usually free, too
  • Lightweight use of hardware resources
  • Straightforward, simple, easy to learn and use
  • Transparent and educational about what type of technology is implemented behind it
  • Open source community (e.g. GitHub) can provide objective advice for usage and troubleshooting
  • More people engaged in the development team
  • The people working on it do so as their regular job with high priority, so the quality and user experience is usually better
  • Ongoing development and more frequent updates (new features, improvements and bugfixes)
  • In most cases, uses more recent and advanced technology (back-end, front-end)
  • More tested, stable and reliable for use with demanding production requirements
  • Captures more export protocols (NetFlow v9, sFlow, NSEL...), meaning more devices to monitor
  • Both IPv4 and IPv6 addresses are supported
  • More OS supported (Windows, Debian, Ubuntu...)
  • Provides more advanced analytic functionalities (filtering, segmenting, secondary dimension drill-down, pivoting etc.)
  • Flows are deduplicated so one flow is not counted multiple times from all exporting devices
  • More customizable to specific network environments
  • Can present traffic by sites, organizational units and departments
  • User management enables multiple people and groups to use software
  • Access to support (answers to questions, consultancy, custom implementation, troubleshooting, etc.)
  • Besides networking devices, it can also monitor servers, virtual machines, BYOD, internal applications and external domains
  • Practical alerting system (flapping suppression, delay, percentage or volume based, escalation to ticketing)
  • Can provide more intelligent analysis (baselining, behavioral analysis, threat detection, event correlation)
  • Network flow mapping and visualization (maps, topology)
  • More optimized performance for concurrent use at larger scale and by multiple users (e.g. aggregation, multi-threading)
  • Appliance or distributed collection can be deployed in a large-scale network
  • A cloud (SaaS) option may be available for small networks, offering quicker onboarding and a managed server

As usual, it all comes down to how much time and money you have to invest on one side, and how much you want to save on the other. We hope this simple comparison has cleared up any doubts you had. Now you are a step closer to finding your optimal solution.

Keep analyzing!
