A variety of different tools and utilities exist for the purpose of network traffic analysis. While some of these tools were developed by Cisco, others are popular third-party alternatives. Each of the bullet points listed below outlines a particular tool or utility, along with examples of the types of information that the tool provides.
- Network-Based Application Recognition (NBAR). NBAR is a network traffic classification engine that is able to recognize the traffic flows associated with a wide variety of popular network applications. NBAR is not a separate network utility, but instead a feature found in versions of Cisco’s IOS software.
- Cisco IOS NetFlow. NetFlow is one of the switching methods available on Cisco routers and switches that allows data to be gathered about the specific traffic flows that traverse the device. This information can be viewed locally on the router, or collected centrally by an application like Cisco FlowCollector and Data Analyzer. Ultimately, NetFlow data can be used to identify network applications, as well as network utilization information.
- Third-party tools. Third-party hardware and software tools are also commonly used to analyze network traffic. Examples include protocol analyzers like Sniffer, EtherPeek, Ethereal, and Microsoft’s Network Monitor utility. Another tool commonly used to analyze network traffic patterns and utilization is MRTG, which was mentioned in the network auditing section.
