You don’t need a six-figure budget to see what’s eating your bandwidth. If you have a router or switch that exports NetFlow, IPFIX, sFlow, or jFlow, you’re already sitting on a goldmine of traffic data. The only missing piece is a free NetFlow monitor to collect and analyze it.
Plixer’s Scrutinizer is the gold standard. The free version is limited to and keeps data for 5 hours of raw detail (aggregated views go back 30 days). For most SMBs and labs, 10k fps is huge.
interface GigabitEthernet0/1
 ip flow ingress
 ip flow egress
flow exporter MY_EXPORTER
 ! destination is your monitor's IP
 destination 192.168.1.100
 transport udp 2055
 source Loopback0
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 192.168.1.100 2055
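To check that the exporter configured above is really sending version 9 datagrams to UDP 2055 before building a full stack, the following added example (not from the original page or from any product named on it) parses a NetFlow v9 packet as laid out in RFC 3954: header, template FlowSet, then data records. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
# A few RFC 3954 field types; any other type is reported by its number.
NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
         11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def decode(record, layout):
    """Decode one data record using its template's (type, length) list."""
    out, pos = {}, 0
    for ftype, length in layout:
        raw, pos = record[pos:pos + length], pos + length
        is_ip = ftype in (8, 12) and length == 4
        out[NAMES.get(ftype, str(ftype))] = str(ipaddress.IPv4Address(raw)) if is_ip else int.from_bytes(raw, "big")
    return out

def parse_v9(datagram, templates):
    """Return flow records; `templates` is a dict kept across calls (data with no known template is skipped)."""
    if len(datagram) < HEADER.size or HEADER.unpack_from(datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 export datagram")
    source_id = HEADER.unpack_from(datagram)[5]
    flows, offset = [], HEADER.size
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4 or offset + fs_len > len(datagram):
            raise ValueError("FlowSet length runs past the datagram")
        body, offset, pos = datagram[offset + 4:offset + fs_len], offset + fs_len, 0
        while fs_id == 0 and pos + 4 <= len(body):  # template FlowSet
            tid, nfields = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * nfields
            if tid < 256 or nfields == 0 or end > len(body):
                break  # padding or a truncated template
            templates[(source_id, tid)] = [struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
            pos = end
        layout = templates.get((source_id, fs_id), []) if fs_id >= 256 else []
        size = sum(length for _, length in layout)
        for start in (range(0, len(body) - size + 1, size) if size else ()):
            flows.append(decode(body[start:start + size], layout))
    return flows

def sample_datagram():
    """Constructed packet: template 256 plus one TCP flow, from source_id 7."""
    layout = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    tmpl = struct.pack("!HH", 256, len(layout)) + b"".join(struct.pack("!HH", *f) for f in layout)
    data = (ipaddress.IPv4Address("10.0.0.5").packed + ipaddress.IPv4Address("192.0.2.10").packed
            + struct.pack("!HHBI", 51514, 443, 6, 1500) + b"\x00" * 3)  # padded to 4 bytes
    return (HEADER.pack(9, 2, 1000, 1700000000, 1, 7) + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

Feed `parse_v9` the bytes received on a UDP socket bound to port 2055, reusing one `templates` dict for the life of the process.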
The community edition caps at 1 million active flows. That’s fine for branch offices or labs, but not a core data center.

3. ELK Stack (Elasticsearch, Logstash, Kibana) + ElastiFlow
Best for: DIY warriors who want unlimited scalability.
It runs best on a dedicated VM (Windows or Linux). The interface is powerful but has a 2010-era learning curve.

2. ntopng (Community Edition)
Best for: Real-time visibility and edge monitoring.
On pfSense/OPNsense: Services > NetFlow > Enable + set collector IP.
On Ubiquiti UniFi: System > Advanced > NetFlow Export (IP + Port 2055).

Before you build a whole stack, point your router’s NetFlow export to a laptop running ntopng in a Docker container:
ElastiFlow is an open-source template that turns Elasticsearch into a NetFlow collector. You bring the servers, it brings the network analytics.