5 Effective Application and Network Traffic Analyzers
Are you looking for the best Application and Network Traffic Analyzers?
Then you are in the right place.
What problems does monitoring application and network traffic solve?
A network traffic analyzer is designed to capture or log traffic as it flows across the network. At a glance this helps with the following:
- Identify what applications/protocols are running on the network
- Identify bandwidth hogs down to a user, application or device level
- Monitor client to server network traffic
- Troubleshoot network & application performance issues
I have used various traffic analyzers and these are the best ones on the market.
NetFort LANGuardian is a deep packet inspection program for monitoring, reporting on and analyzing network, application and user activity. It is a passive network traffic analyzer, so it has no impact on network performance. By inspecting both the headers and the content of traffic packets, LANGuardian provides detailed and accurate information about application and network traffic.
This is one of my favorite network analyzers. It's fast, accurate and very easy to use.
With NetFort you can capture all network traffic over a long period of time and get instant visibility into that traffic.
It comes pre-built with hundreds of reports, graphs and charts, all of which are customizable. In addition, you can import Wireshark pcap files to visually analyze a packet capture.
SolarWinds NTA collects NetFlow data and converts it into easy-to-read charts and tables. The visual display lets you quickly understand how the corporate network is being used, by whom, and what applications are running. SolarWinds NTA has the following features:
- Bandwidth Utilization Monitoring
- Flow Based Monitoring and Reporting
- Network Traffic Monitoring and Forensics
- Bandwidth Usage by Application
SolarWinds NTA can be combined with their Network Performance Monitor to provide a comprehensive monitoring and analysis solution. The two products integrate into a single console.
SolarWinds offers a 30-day free trial; you can download your copy here.
Wireshark is a very popular packet analyzer. It is used for network troubleshooting, analysis and protocol development. Wireshark is a great tool for capturing traffic on a single interface or system, but it is not designed to handle large volumes of traffic. If you need to troubleshoot a single application or system, it is a great choice. If you want to continuously monitor and capture all network traffic, NetFort or SolarWinds NTA is the way to go. Although I use NetFort to constantly analyze all network traffic, I still use Wireshark at times.
Here is an example of how I use both.
NetFort was showing a large amount of bandwidth being used by a user in the Police department. The traffic was coming from a protocol that I could not identify, so I jumped on the user's computer, installed Wireshark and was able to determine it was a video surveillance program streaming video.
PRTG is well known for providing various tools for monitoring the network. Its Packet Sniffing tool is another great tool in that collection. It provides features similar to those of NetFort and SolarWinds NTA, with the addition of supporting several different technologies for monitoring data packets. To collect and monitor network traffic, PRTG supports SNMP, NetFlow, WMI, REST APIs and packet sniffing.
PRTG captures only the headers of the packets traveling across the network. This helps with speed and storage but can limit deep packet analysis.
Microsoft Message Analyzer allows you to capture and analyze data from multiple sources. Its network capture features are similar to Wireshark's but lack Wireshark's wide range of protocol support. What makes this tool different from Wireshark is its ability to analyze data from other sources such as log files, PowerShell and more.
Another feature is the ability to identify which processes are generating network traffic.
Like Wireshark, this tool is not designed to capture all network traffic at once. It does have the ability to capture traffic remotely with the proper configuration in place. This is a nifty tool for application and network traffic analysis in Windows environments.
Network Traffic Analyzer Tools Compared
| Feature | NetFort LANGuardian | SolarWinds NTA | Wireshark | Paessler Packet Capture | Microsoft Message Analyzer |
|---|---|---|---|---|---|
| Application Traffic Monitoring | Yes | Yes | Yes | Yes | Yes |
| Wire Data Analytics | Yes | Yes | Yes | Yes | Yes |
| Network Traffic Analysis | Yes | Yes | No | Yes | Yes |
| Active Directory Integration | Yes | Yes | No | Yes | |
| Bandwidth by Application | Yes | Yes | Yes | Yes | Yes |
| Network Traffic Forensics | Yes | Yes (limited) | Yes (limited) | Yes | Yes |
| Custom Dashboard & Reports | Yes | Yes | No | Yes | No |
| Best for | All around: small to large environments | Small to large environments | Single use cases | All around: small to large environments | Single use cases |
10 Key Features of Network Traffic Analyzers
Network analyzers can perform many functions; here are some of the key features you should be familiar with.
1. Network Traffic Analysis Using Packet Captures
A packet capture logs the traffic that passes over the network. Having a tool that can capture packets on the network gives you every detail of what is going across the wire: you can analyze the values of the various fields in the packet, examine its content and more. Not all analyzers capture the full packet; depending on your needs, full packet capture may not be necessary.
I will discuss NetFlow below, but I find packet capturing far superior to NetFlow in terms of network traffic analysis. I find it's more accurate, easier to set up and allows for full packet inspection.
2. Monitoring The Flow of Traffic With NetFlow
NetFlow is a feature that can be enabled on routers and switches to collect IP traffic statistics. NetFlow is not a packet capture; it is basically a flow log. When traffic flows across an interface on a router or switch, the device records information about that traffic, which can then be collected by a NetFlow analyzer. NetFlow works for basic statistics such as tracking source IP, destination IP, protocols and bandwidth.
NetFlow was developed by Cisco. If you want to learn more about this technology, I recommend reading this article: Introduction to Cisco IOS NetFlow.
3. Detect Application and Protocols in Use
To really know what's going on in your network you need a tool that can identify applications and protocols in use. HTTP, SMB, RDP, SSL, DNS, SMTP, LDAP are just a few of the protocols that can be detected by a network analyzer.
Here is a screenshot of NetFort detecting the applications in use by a user. You can also see how much network traffic each protocol/user has generated.
4. Track Bandwidth Usage to Find Bandwidth Hogs
This is often the main reason to invest in a network analyzer: to find those bandwidth hogs. Most network monitoring programs will show you real-time network usage but provide no details on what or who is consuming the bandwidth. It's frustrating to see your internet utilization at 99% with no clue what's consuming it all. A network analyzer should help pinpoint those bandwidth hogs. At the very least you should be able to find top bandwidth usage by IP address, user, device and protocol.
5. Track User Network Activity
You want to integrate Active Directory users with your analyzer tool. This helps with troubleshooting and network forensics. Need to know who is streaming YouTube videos? Need to know who is using an unsecured protocol like Telnet? By integrating with Active Directory you can run those types of reports. Below I did a search for the top users who accessed YouTube.
7. Create Custom Reports
Most tools come with pre-built dashboards and reports. That is great, but every network is different and you need the ability to create highly customized reports. In medium to large networks, capturing all traffic for analysis can be overwhelming. I like to narrow traffic down at times to a single subnet, protocol, location, user, website, IP address and so on. This really makes troubleshooting easier.
8. Top Talkers (Internal & External)
Being able to quickly spot top talkers on the network is a must-have feature. When bandwidth utilization is high or application performance is slow, this feature comes in very handy. You should be able to track top talkers by application, IP address, website and host name.
9. Baseline Network Traffic
This can be difficult to do with a busy network but a good analyzer should make this easier. You can baseline traffic on a single system with Wireshark but to baseline all traffic you need a tool like Netfort or SolarWinds NTA. Over time you should have an idea of what normal bandwidth is, applications/protocols in use and what are the top talkers on your network.
10. Network Forensics & Security Monitoring
Advanced security threats are difficult to detect. Monitoring and capturing the flow of network traffic is one of the best ways to identify them. Common use cases include:
- Identify Ransomware on the network
- Detect insecure protocols such as SMBv1
- Monitor unusual outgoing traffic
- Spot users or devices downloading large volumes of data
- Detect MAC addresses
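As an added illustration of the features above (packet capture versus NetFlow, bandwidth hogs, top talkers and spotting insecure protocols), and not code from this page or from any of the products it reviews: a small Python script that builds a constructed pcap, reduces it to flow records (the same summary a NetFlow analyzer works from), and reports the top talkers and any flows to cleartext-protocol ports. The addresses, ports and frames are made up, and the port-to-protocol table is an assumption standing in for real deep packet inspection.

```python
import socket
import struct
from collections import defaultdict
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}  # logins cross the wire unencrypted

def frame(src, dst, sport, dport, payload_len):  # constructed Ethernet/IPv4/TCP test frame
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # dummy MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + b"\x00" * payload_len  # zero-filled payload, no real data

def pcap(frames):
    """libpcap file: 24-byte global header, then a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

# Constructed sample: 10.1.1.5 pushes a large HTTPS upload, 10.1.1.7 opens a Telnet session.
SAMPLE_PCAP = pcap([frame("10.1.1.5", "203.0.113.10", 51000, 443, 1400)] * 3
                   + [frame("10.1.1.9", "10.1.1.20", 51001, 445, 300),
                      frame("10.1.1.7", "10.1.1.30", 51002, 23, 40)])

def flows_from_pcap(data):
    """Reduce packets to {5-tuple: bytes}, the same reduction NetFlow performs on the router."""
    flows = defaultdict(int)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        f = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(f) < 34 or struct.unpack_from("!H", f, 12)[0] != 0x0800 or f[23] != 6:
            continue  # only IPv4/TCP is handled here
        ihl = (f[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])
        sport, dport = struct.unpack_from("!HH", f, 14 + ihl)
        flows[(src, dst, 6, sport, dport)] += incl_len  # payload is gone from here on
    return dict(flows)

def top_talkers(flows, n=3):
    """Bytes sent per source IP, largest first: the bandwidth-hog view."""
    by_src = defaultdict(int)
    for key, nbytes in flows.items():
        by_src[key[0]] += nbytes
    return sorted(by_src.items(), key=lambda kv: kv[1], reverse=True)[:n]

def cleartext_flows(flows):
    """Flows to well-known ports of protocols that send logins in the clear."""
    return sorted((k, CLEARTEXT_PORTS[k[4]]) for k in flows if k[4] in CLEARTEXT_PORTS)
```

Once the packets have been reduced to flows, the Telnet session is recognizable only by its port; confirming what was actually sent over it requires the full packet capture, which is the trade-off between packet capture and NetFlow described above.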
If you're looking for an application and network traffic analyzer, you can't go wrong with any on this list. Wireshark and Microsoft Message Analyzer work well in small networks and for specific use cases. NetFort, SolarWinds and Paessler can all be used in small to large environments.
Personally, I use multiple traffic analyzers. I use NetFort for continuous monitoring and Wireshark for specific issues.
To find what best fits your needs I suggest you download and try them out for yourself.
If you have a suggestion leave a comment below.