Understanding how data flows across your network is a must for effective network management. But with network perimeters becoming more dynamic than ever before and nodes spread across the cloud, home offices, and corporate data centers, gaining the visibility you need is a challenge.
There are plenty of network traffic monitor software options available that can help you address these challenges, but how do you know which is best for you?
Here, we’ll explore the topic in depth and take a look at the 6 best network traffic monitors available so you can make an informed decision.
What is network traffic?
In simple terms, network traffic is all the data flowing across a network at a given time.
For example, when you ping a server, that creates a small amount of network traffic because a few bytes* of data must be sent from your computer to the server and back. When multiple users stream high-definition video—say, for a videoconference—a lot more network traffic is created because that takes more data.
*For the network trivia buffs: a standard ping packet has 64 bytes, 56 for the actual ping packet and 8 for the header.
What is network traffic monitoring software?
The term network traffic monitoring software refers to software applications that enable administrators to capture data on network traffic in real-time and use that data for reporting, alerting, and analysis. Internet traffic monitors and bandwidth monitors are other common names for network traffic monitoring software.
Additionally, network monitoring software may use techniques like packet captures, active monitoring, and deep packet inspection (DPI) to gain granular insights about the traffic flows across a network.
Why is network traffic monitoring software important?
For the IT teams responsible for keeping networks operational, network monitoring software is an important part of day-to-day operations because of the benefits it can deliver. Namely, network traffic monitoring done well can deliver these benefits:
- Network-wide visibility: Network monitoring software enables centralized monitoring of all your devices and data flows. Additionally, many network traffic monitors allow you to create detailed network maps. As a result, you gain end-to-end visibility over your network with the ability to drill down as needed.
- Detailed SLA reporting: IT pros need a way to demonstrate they’re meeting or exceeding their service level agreements (SLAs), and network traffic monitors can address this use case well. Similarly, corporate IT departments can report on key performance indicators (KPIs).
- Enhanced security: By monitoring network traffic in real-time, you can identify potentially malicious behavior and reduce the spread or impact of malware.
- Improved network planning and inventory management: By providing centralized inventory management and detailed bandwidth utilization information, network traffic monitors allow you to make more informed decisions about hardware updates and capacity planning. Network traffic monitoring can also inform decisions about how to configure Quality of Service (QoS) across your network.
- Lower MTTR and higher uptime: Network traffic monitoring software allows you to take a proactive approach to detecting outages and brownouts (performance degradation). This means you’ll be able to address issues faster, lower your mean time to resolution (MTTR), and improve overall network performance and availability.
Must-haves in a network traffic monitor software solution
While there are no one-size-fits-all solutions in the world of network management, there are several key features you should keep in mind in the decision-making process.
- Bandwidth monitoring: One of the fundamental features of network traffic monitors is the ability to monitor and report on bandwidth utilization. At a minimum, make sure the software you choose can provide detailed information on bandwidth, throughput, latency, and jitter.
- Broad hardware and protocol support: The more hardware devices work “out of the box” with your network traffic monitor, the less complex initial configuration will be. Additionally, the more protocols the software supports, the more data you capture on traffic flows.
- Network mapping: By creating a network map, you’re better able to visualize and document your network’s layout. This enables better network visibility and allows for a deeper understanding of traffic flows.
- Detailed reporting: Detailed reports on network metrics allow you to track KPIs over time and demonstrate that SLAs have been met.
- Robust security features: Keep security in mind when evaluating network monitoring software. Favor solutions that use secure protocols for monitoring, encrypt data at rest, support single sign-on (SSO) and multi-factor authentication (MFA), and can detect anomalies in network traffic (e.g., by using geolocation data).
Top network traffic monitor software
Auvik is a cloud-based network traffic monitor that’s both easy to get started with and powerful enough to provide enterprise-grade functionality. With detailed KPI reporting and features such as inventory management, network mapping, and automatic network documentation, Auvik is designed with IT teams in mind.
With Auvik, network discovery is based on secure collectors deployed within a network. The collectors support a variety of deployment options (e.g., Windows install, virtual appliance, or via bash script) and enable encrypted communication back to the Auvik cloud.
- Easy and fast initial configuration
- Enables deep network visibility and insights
- Cloud-based secure access from anywhere with internet access
- Support for 15,000+ devices
- Integrations for a wide range of platforms including Microsoft Teams, Slack, ServiceNow, and OpsGenie
- Data stored in ISO 27001, ISO 27017, and ISO 27108 certified secure data centers
- No free forever plan
- No option for on-premises installation
- TrafficInsights uses machine learning, flow data, and metadata to provide granular analysis of traffic flows
- Network mapping
- MFA support & SSO integrations with several popular providers
- Network documentation automation
- Backup and recovery automation
- Audit logging
- Robust API (application programming interface)
Flowmon is an enterprise-grade network traffic monitor that focuses on addressing both network operations (NetOps) and security operations (SecOps) use cases. For example, in addition to capturing data using protocols like NetFlow and IPFIX, Flowmon offers intrusion detection system (IDS) functionality and distributed denial of service (DDoS) monitoring.
Flowmon can monitor both on-premises and cloud infrastructure and is known for providing deep insights into packet data. Flowmon collectors can be deployed on premises as a hardware appliance or virtual appliance or in the cloud on AWS, Azure, or Google Cloud Platform.
- Enables root cause analysis
- Deep network visibility
- Advanced reporting
- Robust SecOps features
- Reputation for good support
- Cost prohibitive for many IT teams
- Configuration can become complex
- User interface isn’t intuitive
- Intelligent packet analysis
- Flow monitoring
- Public cloud and software-as-a-service (SaaS) monitoring
- Distributed denial of service (DDoS) monitoring
- Machine learning-enabled incident response
Kentik is a cloud platform dedicated to “network observability.” The Kentik platform combines traditional flow monitoring with advanced analytics and “AIOps.” Kentik supports monitoring of resources on-premises and in the cloud, and layers in security features like DDoS detection and defense.
Additionally, Kentik supports synthetic monitoring, a proactive form of monitoring that enables simulated actions to catch potential problems before users do. Kentik has a reputation for versatility and extensibility, but in some cases configuration and management can be complex.
- Deep network visibility
- Predictive analytics
- Useful for capacity planning
- Good documentation
- Steeper than average learning curve
- Initial configuration can be complex
- Network cost analytics
- Synthetic monitoring
- Network mapping
- Robust API
- DDoS detection and prevention
SolarWinds NetFlow Traffic Analyzer
SolarWinds NetFlow Traffic Analyzer (NTA) is a traffic monitor that provides detailed real-time traffic and bandwidth monitoring. NTA supports a wide variety of flow protocols and has support for instrumentation from many major network hardware vendors including Cisco, Huawei, Palo Alto, Riverbed, and Juniper.
In addition to providing the detailed bandwidth and traffic monitoring and alerting you’d expect from a commercial network traffic monitor, NTA offers other features that can help you further optimize your network. For example, pre- and post-CBQoS (class-based quality of service) policy reporting can visualize the impact of your CBQoS policies.
Like many SolarWinds products, NTA needs to be installed on a Windows operating system. Reporting can be both a pro and a con when it comes to NTA. On a positive note, you can perform detailed reporting with NTA and reports are customizable. A potential downside of NTA reporting is that it can be complex to create and manage the reports you want.
- Intuitive dashboards
- Detailed flow analytics and bandwidth monitoring
- Part of popular Orion platform
- Support for wide variety of devices
- Can only be installed on Windows
- No free forever tier
- Flow data analytics for popular flow protocols
- Track bandwidth usage by IP group or application
- Application recognition using Network Based Application Recognition 2 (NBAR2)
- Integrates with Windows Active Directory (AD)
- Customizable reports
Plixer Scrutinizer is a robust network traffic monitor with a rich set of features for traffic analysis and network security.
Scrutinizer is installed as a virtual appliance or Amazon Machine Image (AMI) in the AWS cloud. Once installed, it leverages a variety of network protocols, including flow protocols, to deliver in-depth network traffic reporting, alerting, and analysis.
One of the biggest upsides of Scrutinizer is that it can integrate with a wide range of platforms including Splunk, Grafana, and ServiceNow. One of the biggest downsides is that it can be a complex tool to get started with.
- Intelligent packet analysis
- Integrates well with many platforms
- Good documentation
- Free forever version
- Can be complex to install and configure
- Some features only available in most expensive tier
- Real-time DDoS detection
- Robust API
- Network maps
ntop (yes, all lowercase!) provides a suite of popular packet capture and network traffic analysis tools. For network traffic monitoring, ntopng, a network traffic probe and the successor to the namesake ntop tool, is an excellent choice for many use cases. This is particularly true if you need a free tool that can be installed on a wide variety of platforms.
ntopng can be installed on Windows, macOS, and a variety of Linux and Unix platforms including the popular open source firewall program pfSense. In addition to a robust command-line interface (CLI), ntopng offers an intuitive web interface as well.
ntopng has four tiers ranging from community (a free and open-source version) to Enterprise L (their highest commercial tier). Even the community tier provides a robust set of traffic monitoring features including network mapping.
- Open source community edition distributed under GNU GPLv3
- Commercial editions free for education and nonprofits
- Scalable from single PC to enterprise
- Robust CLI is easily scriptable
- Commercial license required for some features
- Different products required for
- Identify top talkers on a network
- Sort based on a variety of metrics, including Layer 7 protocols
- Long-term reports
- Correlation of VPN users to traffic data
- Behavioral traffic analysis