Top 5 Open Source NetFlow Analyzers

NetFlow is a Cisco protocol for exporting summaries of network traffic, called flow records, from a router or switch to a collector elsewhere on the network. The last thing you want to do with your routers and switches is give them the burden of analyzing network traffic, so Cisco designed NetFlow so that the device only counts packets per flow (source and destination address, ports, protocol, byte and packet counts) and ships those records, normally in UDP datagrams, to a less CPU-bound host that does the actual analysis. The IETF later standardised the same idea as IPFIX. One caveat before you deploy any of the collectors below: NetFlow export is neither authenticated nor encrypted, so the collector should accept datagrams only from the addresses of your known exporters and should validate each packet before trusting its contents.
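
To make the "flow record" idea concrete, here is an added example (not code from the page or from any of the tools listed below) that decodes a NetFlow v5 export datagram and produces the top-talkers report that every analyser on this list does in some form. The packet it parses is constructed in the script itself, so it runs offline; the exporter sequence number, interface indexes and addresses are made up for illustration. Before trusting the header's record count, it checks that count against the bytes actually received, which is the minimum a UDP collector should do.

```python
"""Decode NetFlow v5 export datagrams and summarise top talkers.

Added example, not code from the page or any of the listed tools.
The sample packet is constructed by hand for illustration.
"""
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire format: 24-byte header followed by 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # v5 exporters never put more than 30 records in one datagram


def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 datagram.

    Rejects anything that is not a well-formed v5 packet: the collector
    listens on UDP, so it must not trust the header's record count
    without checking it against the bytes actually received.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    (version, count, _sys_uptime, _unix_secs, _unix_nsecs,
     flow_sequence, _engine_type, _engine_id, _sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count == 0 or count > MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        raise ValueError(f"length {len(datagram)} != {expected} expected for {count} records")

    flows = []
    for i in range(count):
        offset = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(datagram, offset)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
            "duration_ms": last - first, "exporter_seq": flow_sequence,
        })
    return flows


def top_talkers(flows, n=3):
    """Bytes per source address, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def build_v5(records, seq=0):
    """Construct a v5 datagram from (src, dst, sport, dport, proto, pkts, bytes, flags) tuples.

    Uptime, timestamps, interface indexes and masks are fixed dummy values.
    """
    header = V5_HEADER.pack(5, len(records), 1000, 1_700_000_000, 0, seq, 0, 0, 0)
    body = b""
    for src, dst, sport, dport, proto, pkts, octets, flags in records:
        body += V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
            1, 2, pkts, octets, 0, 500, sport, dport, 0, flags, proto, 0,
            0, 0, 24, 24, 0)
    return header + body


# Constructed sample: two HTTPS flows and one large outbound SSH transfer.
SAMPLE = build_v5([
    ("10.0.0.5", "203.0.113.10", 51000, 443, 6, 40, 5200, 0x1b),
    ("10.0.0.7", "203.0.113.10", 51001, 443, 6, 20, 2400, 0x1b),
    ("10.0.0.5", "198.51.100.9", 51002, 22, 6, 900, 1_200_000, 0x18),
], seq=42)

if __name__ == "__main__":
    for src, total in top_talkers(parse_v5(SAMPLE)):
        print(f"{src:15} {total:>10} bytes")
```

Point `parse_v5` at the payload of a real UDP datagram received on the collector port (2055 is the usual choice) and the same report comes out of live data; a gap in `exporter_seq` between consecutive datagrams from one exporter tells you records were dropped in transit.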

  • NTop: a traffic analyser that runs on most UNIX variants and Microsoft Windows. In addition, ntop includes Cisco NetFlow and sFlow support. For an introduction to NTop, please see this introduction to NTop video;
  • Flow-tools: a library and a collection of programs used to collect, send, process, and generate reports from NetFlow data;
  • FlowScan: processes IP flows recorded in cflowd format raw flow files and reports on what it finds. JKFlow is an XML-configurable FlowScan Perl module for reading and analyzing your NetFlow data;
  • EHNT: or Extreme Happy NetFlow Tool, turns streams of NetFlow data into something useful and human-readable;
  • BPFT: The BPFT daemon builds on top of libpcap and uses the BPF (Berkeley Packet Filter) mechanism for capturing IP traffic.

For an exhaustive list of open source and commercial NetFlow analyzers, you could do a lot worse than the FloMA: Pointers and Software collection.

Update July 2013: Ray Van Dolson has a link to NFSEN in the comments; NFSEN is a web front end for NFDUMP, so you will also need NFDUMP.