Where is all my bandwidth going? What traffic is running around our network? How can we investigate numerous kinds of traffic flows? Why is my network getting busy and slower? We all have these types of questions about network traffic examination. In this article you will come to know all about Network Analysis Tools!

In most computer networks, we use network analysis tools to manage, analyse and monitor network operations. These tools constantly monitor network operations and when an issue occurs, a notification will be generated and sent out to concerned teams.

The increased use of multimedia applications, VoIP, and Cloud services builds more stress and pressure on the network. Upgrading is not a stable solution, so a good network analysis tool can be an effective solution to overcome the above listed issues.

This article reviews top ten network analysis tools for different functional areas.

1. SolarWinds NetFlow Traffic Analyzer, aka Orion NTA

Full investigation of network activities

SolarWinds NetFlow Traffic Analyzer is a widely used NetFlow analysis utility. It helps to explore traffic flow activities over the network and examines the device behaviour for excessive traffic flow. This tool allows network administrators to regulate extreme bandwidth utilisation for smooth network operations without upgrading network resources.

NetFlow Traffic Analyzer can examine standard “Flow” data of multivendor network devices such as Cisco, Juniper, Riverbed, HP, Nortel, or Huawei with central GUI based network applications. It also supports triggered alerts and reports on the basis of accumulated “Flow” data to achieve appropriate network utilization. Instead of IP or port based “Flow” analysis, you can also map common web applications such as Facebook, Twitter, or torrent sites for application based analysis.

Using this utility, administrators can customise different chart elements to simplify the chart view by eliminating unnecessary data. This tool also supports sFlow v2 & v4 and vSwitch interfaces to capture data.

Price: Starts at $1875; 30-day free trial can be downloaded from the link below.

Website:
http://www.solarwinds.com/netflow-traffic-analyzer.aspx

Pros

  • Variety of chart customisations
  • Advanced applications mapping (Facebook, online gaming portals)
  • Full SNMP management

Cons

  • Network Performance Monitor is required for proper functionalities.

2. Alcatel Lucent’s Motive Network Analyzer – Copper

Ultimate utility to examine service provider’s copper access network

Motive Network Analyzer – Copper (NA-C) offers comprehensive inspections to service provider networks with rapid fault localisation and quick troubleshooting experience through its near-real time smart carrier data collection, expert diagnosis and repair advice capabilities. This tool also helps a carrier’s network optimise day to day DSL stability issues to meet the requirement of high bandwidth network services, and it assists easy upgrades to ADSL2+, VDSL2, and VDSL2 vectoring and bonding.

Motive NA-C enhances quality line stability, performance, and proactive fault detection with Single-ended Line Testing (SELT) and Dual-ended Line Testing (DELT) to identify various connectivity problems, including detection and localization of open circuit/short circuit faults and powered down CPE detection. Motive NA-C allows service providers to offer customer-focused stress free network solutions and services to manage reliability with its clients.

Price: Price details are not disclosed by the company. Click here to buy: https://www.alcatel-lucent.com/how-to-buy-form

Website: https://www.alcatel-lucent.com/products/motive-network-analyzer-copper

Pros

  • Multivendor DSLAM support
  • On-demand line quality inspections
  • Single-ended/Double-ended/Narrow Line Testing

Cons

  • Some of its features are quite complex and difficult to understand.
  • Domain specific analysis

3. Alcatel Lucent’s Motive Network Analyzer – Fiber

Ultimate utility to manage fiber access networks

Motive Network Analyzer – Fiber (NA-F) helps service providers to improve their fiber access network by enhancing fiber activation success rate, fault identification and availability to customers.

This network analyzer reduces operating costs of fiber access networks by providing smooth integration with existing operations support systems (OSSs), GPON equipment and customer systems. It features automated power validation upon PON provisioning or service repair actions, catching problems that go unobserved during manual, error-prone validations. With GIS maps integration, this tool speeds up fault localisation and diagnostics by showing the exact fault location, thereby helping administrators resolve issues quickly.

Its Link Quality Indicator evaluates end to end proactive maintenance of fiber access networks to provide fast, consistent and accurate fault localisation. This utility can also examine fiber-related ONT UNI configuration issues and Ethernet connectivity problems of customers.

Price: Price details are not disclosed by the company. Click here to buy: https://www.alcatel-lucent.com/how-to-buy-form

Website: https://www.alcatel-lucent.com/products/motive-network-analyzer-fiber

Pros

  • Automatic power validation
  • Embedded optical time-domain reflectometer (OTDR) measurements
  • SLA based Critical link monitoring
  • Fault localisation visuals on GIS maps

Cons

  • Limited to fiber access networks
  • Takes time to understand its features

4. Nagios Network Analyzer

Detailed analysis for small to large scale networks

Nagios Network Analyzer is a widely used flow data analysis solution utility. It offers detailed analysis of various network services such as POP3, HTTP, ICMP, etc. It generates quick and easily interpreted charts to refine captured data with very valuable statistics like processor, disk usage, bandwidth utilisation and much more to assess a network’s health.

Nagios Network Analyzer can be easily integrated with Nagios XI and can also be customised to meet network requirements. This tool provides a central view of network traffic and bandwidth utilisation and also offers automated alerts and SNMP traps when suspicious activity takes place on the network.

The Nagios Network Analyzer system has two categories of licencing:

1) Open Source foundation cores and components like NFDUMP and RRDTool.

2) Nagios Network Analyzer UI and system frameworks, which are released under a commercial license and contain some code used under license by Nagios Enterprises that cannot be released under an OSS license.

Price: $995 for 1 license https://www.nagios.com/products/nagios-network-analyzer/#pricing

Download Link:

https://www.nagios.com/downloads/nagios-network-analyzer/

Website:
https://www.nagios.com/products/nagios-network-analyzer/

Pros

  • Comprehensive dashboard
  • Easily understandable graphs
  • Automated alert system
  • Advanced user management

Cons

  • Sometimes no response with sflow capture

5. ManageEngine NetFlow Analyzer

Good for medium to large scale multi-vendor networks

ManageEngine Netflow Analyzer is a good choice to examine multi-vendor LAN/WAN environments. Using this utility you will be able to analyse most NetFlow packets originating from enterprise routers or switches, and it also helps administrators by producing network traffic reports to recognise the ongoing activities of the network.

This tool can effectively collect various traffic flows such as NetFlow, sFlow, jFlow, etc., and provides less complicated data outcomes for easy understanding. It also enables you to customise various device flows into different groups to manage multiple networks as a single entity.

ManageEngine Netflow Analyzer doesn’t require any special hardware configuration to run and can map most application flows such as Oracle, PeopleSoft, MSSQL, etc. It has an ability to integrate high end Cisco technologies such as NBAR, CBQoS, etc., and also deal with real time network observation to provide in-depth analyses of what kinds of traffic, applications, and conversations are running throughout the network, which helps a network administrator to resolve issues quickly.

For pricing or more information visit:
https://www.manageengine.com/products/netflow/

Pros

  • Validation of QoS policies
  • Automated Netflow reports
  • In-depth analysis by creating IP or Device groups
  • Role-based user access

6. Capsa Free

Recommended freeware utility for LAN analysis

Capsa Free is a freeware utility for Ethernet monitoring, troubleshooting and analysis. It offers near real-time packet capture and analysis for both LAN and WLAN, along with automated diagnosis, using built-in functionalities such as superior packet decoding and comprehensive examination of the entire network.

Capsa Free can easily identify and analyse hundreds of network protocols with its smart custom reporting, e-mail monitoring, and TCP timing sequence charts for 24/7 network monitoring.

You can also design your own dashboard with the required parameters and services to analyse real-time traffic flow; administrators are also free to customise alarm triggers.

Price: Capsa Free is a freeware utility and can be downloaded from the links provided below.

Download Links:
http://www.colasoft.com/download/products/capsa_free.php

Website:

http://www.colasoft.com/capsa-free/

Pros

  • In-depth LAN analysis
  • Customised automated alarms
  • Easy to understand network analysis (recommended for learning purposes)

Cons

  • Fewer options for customisation
  • Limited to Ethernet packets analysis

7. Wireshark

A freeware tool recommended for small and medium enterprise networks

Wireshark is a well-known utility that needs no introduction; almost every network specialist knows about it. This freeware application is widely used for network monitoring and analysis at a microscopic level.

This tool offers online or offline deep inspection of various protocols and can be installed on any standard platform such as Windows, Linux, OS X, Solaris, etc. It can capture data from various sources including Ethernet, WLAN, WAN and many others. Captured data can be accessed via the GUI, TTY mode or the TShark utility.

Most network instructors use Wireshark in their training programs to capture packets and demonstrate the packet inspection to provide better understanding of packet flow to their students.

Website:
https://www.Wireshark.org/

Download link:
https://www.Wireshark.org/download.html

Pros

  • Read/Write support for various capture file formats such as tcpdump, Cisco Secure IDS iplog, Network General Sniffer, etc.
  • Examination of LAN/WAN protocols
  • In-depth VoIP analysis

Cons

  • Fewer options for charts/reporting
  • Limited functionalities as can be expected from freeware utilities

8. Caligare Flow Inspector

A complete network analysis with lots of conditional customisations

Caligare is an official Cisco partner in technology development and its Flow Inspector tool provides optimal NetFlow analysis with different set conditions such as source/destination IP addresses, interfaces, and TCP/UDP/ICMP protocols. It also offers real-time network analysis and user data tracking so that network administrators can reduce the risk of data or network failure. The best part about this utility is its statistics reports. Using this software program you will be able to know:

  • Source and Destination hosts with the highest network utilisation
  • Most used applications throughout the network
  • Distribution of the top protocols over the network
  • Source and Destination Autonomous Systems with the most network flows
  • Top interfaces, next-hops and ICMP distributions, etc.

Price: To find pricing information for the Professional edition (for 1-9 devices) or Enterprise edition (unlimited devices), follow this link http://www.caligare.com/netflow/order.php

Or, download a free version at http://www.caligare.com/netflow/free_netflow.php

Website:

http://www.caligare.com/netflow/caligare_flow_inspector.php

Pros

  • Easy QoS and VoIP analysis
  • Heuristic application recognizer
  • Well-structured statistics with various parameters
  • LDAP authentication support

Cons

  • Free and Professional versions have some limitations

9. SteelCentral Packet Analyzer

A tool with quick analysis of multi-gigabyte trace files

SteelCentral Packet Analyzer, also known as Cascade Pilot, is a product of the well-known network solutions company Riverbed. It is fully integrated with Wireshark, and its “Send to Wireshark” feature exports only the selected traffic to Wireshark for deep packet inspection.

This tool can process multi-gigabyte trace files in a few seconds and also analyse local and remote online/offline traffic sources using simple drag-and-drop multi-level drill-down. It also detects anomalies using the “Watches” feature and helps administrators identify specific traffic through the collection of network analysis metrics called “Views.”

Price: Not disclosed by the company; you will have to contact the company’s sales executive. For a 30-day trial copy, visit http://www.riverbed.com/contact/Try-Evaluate-Cascade-Pilot-30-Day-Trial.html

Website: https://support.riverbed.com/content/support/software/steelcentral-npm/packet-analyzer.html

Pros

  • Flexible trigger-alerting mechanism
  • Rapid analysis of multi-gigabyte trace files
  • Fully integrated with Wireshark

10. Riverbed AirPcap

A must-have utility for advanced WLAN analysis with Wireshark

Riverbed AirPcap offers wireless packet capture solutions for MS Windows environments and delivers deep protocol analysis of multiple traffic flows. All 802.11 captured data can be integrated with Wireshark and SteelCentral Packet Analyzer. There are three variants of Riverbed AirPcap:

  • AirPcap Classic can capture and analyse low-level 802.11b/g wireless traffic.
  • AirPcap Tx includes all functionalities of AirPcap Classic and supports packet injection as well.
  • AirPcap Nx offers dual-band solutions including packet capture and injection for 802.11a/b/g/n, and features 2×2 MIMO with two internal antennas and two integrated MC-Card connectors for optional external antennas.

Website: https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html

Pros

  • Integration with Wireshark and SteelCentral Packet Analyzer
  • Dual band compatibility with AirPcap Nx

Cons

  • Limited to wireless packet capture
  • Not available as a standalone product (must be integrated with Wireshark or SteelCentral Packet Analyzer)

I hope this article will be appreciated so that I will be able to offer more in this segment. You can write to me in the comments section below with any query or feedback; I will try my best to resolve your queries.
