NetFlow Traffic Analyzer with Cisco NBAR support

NetCrunch Platform Module

Flow Analyzer

NetCrunch traffic analyzer processes flow data from a range of network devices using such popular protocols as IPFix and NetFlow. It supports Cisco NBAR2 and custom application traffic monitoring.

The module is part of:

  • NetCrunch Suite
  • NetCrunch for Network Infrastructure

it can be added to any NetCrunch Platform product.


Download NetCrunch Trial

NetCrunch NetFlow Traffic Analyzer (NTA) is a software-based NetFlow collector that collects traffic data, correlates it with other network data, and then allows monitoring and presentation of the current traffic state.

NetCrunch analyzer supports Cisco protocols such as Netflow, IPFIX, and Cisco NBAR technology for application monitoring.


    1. Monitor network bandwidth & traffic patterns down to the interface level
    2. Identify which users, applications, & protocols are consuming the most bandwidth
    3. Recognize IP addresses of top talkers
    4. Analyzes Cisco® NetFlow, Juniper® J-Flow, IPFIX, sFlow®, Huawei NetStream™ & other flow data
    5. Easy setup in less than an hour
  • Flow Analyzer

    NetCrunch allows you to analyze traffic using various criteria such as

    • Application Groups
    • Applications
    • IP Protocols
    • Servers
    • IP Addresses
    • Atlas Nodes
    • IP Networks
    • Domains

    The traffic can be analyzed for all nodes or for any group of nodes defined through Atlas View. NetCrunch can also collect summary performance data for each traffic category.

    @@img:flow-analytics.png NetCrunch Flow Analyzer

  • Node Flow Statistics

    NetCrunch also shows real-time flow statistics for each node. Flows Status shows both summary traffic of the node and trend in the last hour.

    The program allows setting thresholds on various metrics such as a number of packets or bytes being transmitted in the time unit.

    @@img:node-flows.png NetCrunch Node Flow Status


    1. Flow Server & Analyzer for monitoring traffic, supporting most popular protocols being used (IPFix, NetFlow (v5 & v9), sFlow, JFlow, netStream, cFlow, AppFlow, and rFlow)
    2. Supports Cisco NBAR technology for application monitoring
    3. Allows creating custom application definitions
    4. NetCrunch integrates flow data within its monitoring database (Network Atlas) so that traffic is measured properly per device instead of per IP address.
    5. NetCrunch can collect and alert on performance thresholds based on the summary traffic and for the specific node data.

    @@img:top-talkers.png Top Talkers


    @@img:flow-analyzer.png NetCrunch Flow Analyzer

    1. First, you need to enable the feature on the switch or router that supports the flow technology. Next you need to set NetCrunch as the destination for flows.

    2. Then the device sends flow data to the flow collector in specified periods of time (defined in the device settings).

    3. The analyzer processes the data to perform traffic analysis and stores the data for a short time. The user can view traffic data and observe given traffic metrics.

What is NetFlow?

NetFlow is a protocol developed by Cisco for collecting and recording IP Traffic going to and from a Cisco router or switch equipped with the NetFflow technology.

After Cisco originally developed the protocol, many other manufacturers have implemented their version of the protocol into their products, including

  • Juniper ( “JFlow”),
  • 3Com/HP,
  • Dell and Netgear (SFlow),
  • Citrix (AppFlow),
  • Ericsson (RFlow),
  • Huawei (NetStream),
  • Alcatel-Lucent (which uses CFlow).

What is Cisco NBAR2?

NBAR2 (or Next Generation NBAR) is a re-architecture of NBAR based on the Service Control Engine (SCE) with more advanced classification techniques, accuracy, and many more signatures.

NBAR2 is adopted as a Cisco cross-platform protocol classification mechanism. It supports 1000 + applications and sub-classifications, and Cisco adds/provides new signatures and signatures updates through monthly released protocol packs.

NBAR2 leverages classification techniques from SCE, which allow classification of IPv4, IPv6, and v6 transition techniques. NBAR2 can classify evasive applications like Skype and Tor, as well as business applications like ms-lync, cloud applications such as Office-365, and also mobile applications such as facetime, etc. using advanced classification techniques.

NetCrunch Platform Modules

  • NetCrunch Platform Explore core features such as alerting, dashboards and intelligent maps with widgets, making NetCrunch most productive monitoring platform on the market Read more

  • SNMP & Core Monitoring Monitor devices and services availability using 70+ built-in protocol monitors and SNMPv1,v2c,v3 equipped with dozens Monitoring Packs and 8700+ Read more

  • Logs, Servers, Virtualization, and Application Monitoring Get wide coverage of monitoring by monitoring servers, operating systems, virtualization, SQL servers, Web and Cloud. Process text logs, syslog, traps, web message, and other event sources with ease... Read more

  • Hardware and Software Inventory for Windows Get everything you to monitor Windows machines and tracking hardware and software inventory Read more

  • Layer 2 Visualization Visualize layer-2 connections, VLANs and traffic on switch ports Read more

  • Traffic Flow AnalyzerAnalyze network traffic with flows (NetFlow, sFlow and other protocols) and use Cisco NBAR2 for application monitoring Read more

  • Integration ServicesIntegrate NetCrunch with Service Desk and productivity applications. Let NetCrunch forward data to an external system Read more

  • Advanced Monitoring and AlertingUse business status to reflect critical path and service dependencies, use advance condition to react to heartbeat or missing events. Set advanced threshold conditions on metrics to detect rapid changes or abnormal behavior. Read more

  • Advanced Configuration Manage multiple NetCrunch users, organizational groups, monitoring templates and create dynamic Atlas folders Read more