Alternatives to ntopng
Compare ntopng alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to ntopng in 2026. Compare features, ratings, user reviews, pricing, and more from ntopng competitors and alternatives in order to make an informed decision for your business.
-
1
Paessler PRTG
Paessler GmbH
Paessler PRTG is an all-inclusive monitoring software solution developed by Paessler. Equipped with an easy-to-use, intuitive interface with a cutting-edge monitoring engine, PRTG optimizes connections and workloads as well as reduces operational costs by avoiding outages while saving time and controlling service level agreements (SLAs). The solution is packed with specialized monitoring features that include flexible alerting, cluster failover solution, distributed monitoring, in-depth reporting, maps and dashboards, and more. PRTG monitors your entire IT infrastructure. All important technologies are supported: • SNMP: ready-to-use and custom options • WMI and Windows Performance Counters • SSH: for Linux/Unix and macOS systems • Traffic analysis using flow protocols or packet sniffing • HTTP requests • REST APIs returning XML or JSON • Ping, SQL, and many moreStarting Price: $2149 for PRTG 500 -
2
SKUDONET
SKUDONET
SKUDONET Enterprise Edition is an Application Delivery and Security Platform built on Linux Debian 12.5 LTS for critical enterprise environments. Formerly known as Zevenet, it provides advanced L4/L7 load balancing, integrated WAF, TLS management with Let’s Encrypt and wildcard support, and protocol-aware traffic inspection across on-premises, hybrid, or cloud deployments, including SkudoCloud SaaS. A free trial is available for evaluation on the SKUDONET website. Key Features & Benefits: • High Availability: Clustering and failover to minimize downtime. • Advanced Security: WAF, L7 filtering, DoS protection, TLS with Let’s Encrypt and wildcard support. • Scalability: Optimized for high-throughput workloads with multi-core processing and efficient packet handling. • Traffic Control: Session persistence, custom routing rules, and granular L4/L7 inspection. • Centralized Management: Unified dashboard for configuration, monitoring, and policy automation.Starting Price: $1736/year/appliance -
3
Elecard Boro
Elecard
Video quality control tool. Software solution for UDP, RTP, HTTP and HLS streams quality control and measurement of QoS and QoE parameters in all segments of distributed networks. Probes operating 24/7. You have total control over the network. Less than 30 minutes to begin monitoring your streams. Save on specific equipment, reduction of network maintenance expenses. Friendly data layout and all the advantages of web interface. Stable customer base thank to continuous quality control and quick fixation of detected violations. Available as a cloud service or stand-alone solution for local networks. Elecard Boro software probes monitor packet loss, video freeze, SCTE35 labels for UDP/HLS/DASH/RTP/HTTP. The solution provides fast and cost-effective monitoring of content delivery networks and ensures localization of the most common violations.Starting Price: $175 per month -
4
Obkio
Obkio
Network Performance Monitoring Made Easy. Obkio is a simple Network Monitoring and Troubleshooting SaaS solution that allows users to continuously monitor the health of their network and core business applications to improve the end-user experience. The innovative software application identifies the causes of intermittent network, VoIP, video, and applications slowdown in seconds and collect information to quickly troubleshoot problems before they affect your end-users. Deploy network monitoring Agents at strategic locations in a company's offices or network destinations such as data sites, remote sites, external client sites, or public or private clouds to continuously monitor performance using synthetic traffic exchanged every 500ms. Obkio's Agents give you a 360-degree overview of your network by measuring the network metrics like matter most (jitter, latency, packet loss, VoIP quality), and alerting you of any performance degradation.Starting Price: $399 per month -
5
myEPITIRO
Epitiro
Epitiro remote network monitoring probes keep you informed of your Ethernet, Wi-Fi, and/or LTE service performance and user experience. Deploy Epitiro hardware probes at key locations and continuously test network performance and bandwidth for multiple broadband networks. Easily configure test networks and schedules from our cloud interface. Test on demand or on schedule. Set-up performance alerts for you and your team. Assure captive portal and splash page operation and performance. Invite your team and customer stakeholders to securely view performance from their desktop or mobile app. Enterprise class administrative features and scalability. Comprehensive end-to-end performance tests include Ookla Speedtest, Latency, Jitter, Packet Loss, application performance for Browsing, Dropbox, Youtube as well as iPerf and traceroute support. QoS. QoE.Starting Price: $199 per probe -
6
tcpdump
tcpdump
Tcpdump is a powerful command-line packet analyzer that allows users to display the contents of network packets transmitted or received over a network to which the computer is attached. It operates on most Unix-like systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD, and macOS, utilizing the libpcap library for network traffic capture. Tcpdump can read packets from a network interface card or from a previously created saved packet file, and it provides options to write packets to standard output or a file. Users can apply BPF-based filters to limit the number of packets processed, enhancing usability on networks with high traffic volumes. The tool is distributed under the BSD license, making it free software. In many operating systems tcpdump is available as a native package or port, which simplifies installation of updates and long-term maintenance.Starting Price: Free -
7
GateSpeed
GateSpeed
Dramatic increases in demand for bi-directional content, robust data, and efficient processing, have significantly hampered network throughput performance, worsening traffic at critical choke points across data networks. GateSpeed’s unique network optimization platform drives data throughput and hardware efficiency improvements at these choke points, with performance benefits and cost savings that hit the bottom line. Whether deployed at the network edge, on network links and load balancers, or directly at the data center, GateSpeed technology offers single-point or end-to-end optimization for integration into your long-term network infrastructure and development strategy. With our innovative packet-forwarding engine, and customized Data Plane Development Kit (DPDK), GateSpeed achieves 5X and greater packet throughput over standard Linux deployments, and substantially greater throughput than standard DPDK solutions on the market today. -
8
LiveWire
BlueCat
LiveWire is a high-performance network packet-capture and forensic-analysis platform that captures and stores detailed packet data across physical, virtual, on-premises, and cloud networks. It is designed to give Network-Ops and Security teams deep visibility into network traffic, from data centers to SD-WAN edges, remote sites, and cloud environments, filling in the blind spots left by telemetry-only monitoring. LiveWire delivers real-time packet capture that can be selectively stored and analyzed with advanced workflows, visualizations, and correlation tools; it can automatically detect encrypted traffic and store only what’s needed (headers or metadata), saving disk space while preserving forensics data. It supports “intelligent packet capture,” converting packet-level data into enriched flow-based metadata (called LiveFlow), which can feed into the companion monitoring platform BlueCat LiveNX. -
9
Jolata
Jolata
Jolata can monitor every packet at microsecond granularity and correlate at millisecond intervals. Jolata can process every packet and visualize the results within seconds on its beautiful, easy-to-use UI. Jolata can analyze every packet and flow, at any location across a nationwide network. Customers lack precise visibility into their network, making it difficult to pinpoint the exact source of performance degradation. Jolata provides segment-by-segment metrics, in real-time with actual network traffic. Customers need to evaluate vendor equipment to ensure equipment will meet performance claims. Jolata provides ability to compare equipments with actual traffic loads. Customers need to future-proof their network due to traffic mix change. Jolata enables operators to confirm whether current infrastucture will meet future expectations. -
10
nChronos
Colasoft
nChronos is an application centric, deep-dive network performance analysis system. It combines the nChronos Console with the nChronos Server to deliver the capability of 24x7 continuous packet capturing, unlimited data storage, efficient data mining and in depth traffic analysis solution. nChronos captures 100% of all data captured for real-time analysis as well as historical playback. nChronos is designed for monitoring the network traffic in medium and large corporates. It connects to company's core router or switch and monitors all network traffic, emails and chat sessions inbound and outbound. Also, it provides the ability to monitor abnormal traffic and alert upon detection of "Suspicious Conversations". Only when network engineers monitor network activities of the entire network at the packet level are they able to identify abnormal network activities and protect their companies from cyber-crime and cyber-attacks. -
11
Elastiflow
Elastiflow
The most complete network observability solution for use with modern data platforms, providing unprecedented insights at any scale. ElastiFlow allows organizations to achieve unprecedented levels of network performance, availability, and security. ElastiFlow provides granular information about network traffic flows, including source and destination IP addresses, ports, protocols, and the amount of data transmitted. This information allows network administrators to gain deep insights into the network's performance and identify potential issues. ElastiFlow is highly valuable for diagnosing and troubleshooting network issues such as congestion, high latency, or packet loss. By analyzing the network traffic, administrators can pinpoint the cause of the problem and take appropriate action to resolve it. By leveraging ElastiFlow, organizations can improve their security posture, detect and respond to threats more effectively, and maintain compliance with regulatory requirements.Starting Price: Free -
12
Noction IRP
Noction
Noction IRP is an edge-deployed BGP optimization platform that analyzes traffic in real-time to detect congestion, link failures, and performance degradation. The system continuously probes network routes across all available providers, measuring latency, packet loss, and historical reliability to identify the best paths for both inbound and outbound traffic. IRP manages ingress and egress bandwidth intelligently, distributing traffic flows across providers to minimize costs while maintaining quality of service. The platform automatically reroutes traffic when the thresholds are reached, ensuring optimal delivery for all traffic types. Built-in Automatic Anomaly Detection (AAD) provides DDoS protection by analyzing traffic behavior and identifying deviations from established baselines. AAD detects volumetric floods, amplification attacks, TCP SYN floods, and application-layer threats, then executes mitigation automatically using BGP FlowSpec and RTBH mechanisms. -
13
SmokePing
SmokePing
SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution, and packet loss. SmokePing uses RRDtool to maintain a long-term data store and to draw pretty graphs, giving up-to-the-minute information on the state of each network connection. Click on any graph in detail mode and use the mouse to mark your area of interest in the navigator graph. Show information from multiple targets in a graph. With one central Smokeping Master node, you can run a series of Slave nodes, taking their configuration from the master. This allows you to ping a single target from multiple locations. The standard deviation is now used in several places to give a number for the variation in round trip times as depicted by the smoke. Wide variety of probes, ranging from simple ping to web requests and custom protocols. Master/slave deployment model to run measurements from multiple sources in parallel.Starting Price: Free -
14
Azure Network Watcher
Microsoft
Monitor and diagnose networking issues without logging in to your virtual machines (VMs) using Network Watcher. Trigger packet capture by setting alerts, and gain access to real-time performance information at the packet level. When you see an issue, you can investigate in detail for better diagnoses. Build a deeper understanding of your network traffic pattern using network security group flow logs and virtual network flow logs. Information provided by flow logs helps you gather data for compliance, auditing and monitoring your network security profile. Network Watcher provides you the ability to diagnose your most common VPN gateway and connections issues. Allowing you, not only, to identify the issue but also to use the detailed logs created to help further investigate.Starting Price: $0.50 per GB -
15
Capsa
Colasoft
Capsa, a portable network performance analysis and diagnostics tool, provides tremendously powerful and comprehensive packet capture and analysis solution with an easy to use interface allowing both veteran and novice users the ability to protect and monitor networks in a critical business environment. Capsa aids in keeping you assessed of threats that may cause significant business outage. Capsa is a portable network analyzer application for both LANs and WLANs which performs real-time packet capturing capability, 24x7 network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis. Capsa's comprehensive high-level window view of entire network, gives quick insight to network administrators or network engineers allowing them to rapidly pinpoint and resolve application problems. With the most user-friendly interface and the most powerful data packet capture and analysis engine in the industry, Capsa is a necessary tool for network monitoring. -
16
CommView
TamoSoft
CommView is a powerful network monitor and analyzer designed for LAN administrators, security professionals, network programmers, home users…virtually anyone who wants a full picture of the traffic flowing through a PC or LAN segment. Loaded with many user-friendly features, CommView combines performance and flexibility with an ease of use unmatched in the industry. This application captures every packet on the wire to display important information such as a list of packets and network connections, vital statistics, protocol distribution charts, and so on. You can examine, save, filter, import and export captured packets, view protocol decodes down to the lowest layer with full analysis of over 100 supported protocols. With this information, CommView can help you pinpoint network problems and troubleshoot software and hardware. The newest CommView version 7.0 introduced SSL/TLS traffic decryption on the fly. -
17
Airtool 2
Intuitibits
Capture Wi-Fi traffic using your Mac’s adapter or Zigbee and BLE traffic using compatible USB dongles and automatically launch Wireshark for post-processing and analysis. Offers several flexible configuration options to accommodate the capture requirements of any packet analysis and troubleshooting task. Integrates with popular cloud services such as CloudShark and Packets to automatically upload, analyze, or share your captures. Capturing Wi-Fi traffic is an essential task of protocol analysis. Whether you’re trying to resolve Wi-Fi connectivity, roaming or configuration problems, analyzing your Wi-Fi network’s performance, you will certainly need to perform packet captures. Airtool lets you capture Wi-Fi packets in the easiest way possible. With advanced features such as automatic packet slicing and capture file limits and rotation, Airtool is a must-have tool for every wireless LAN professional.Starting Price: $36.61 one-time payment -
18
NETSCOUT vSTREAM
NETSCOUT
Visibility for performance management, user experience, and cybersecurity in virtualized environments. NETSCOUT's vSTREAM virtual appliance complements existing Adaptive Session Intelligence (ASI)-based instrumentation to provide the same smart data visibility within virtualized and cloud infrastructures that are already possible in physical environments. The vSTREAM is ideal for monitoring service-critical traffic running within virtualized and/or cloud infrastructures. With deep packet inspection at scale, organizations have the end-through-end visibility needed to assure network and application performance and high-quality user experiences in virtual environments. Leverage end-through-end visibility across data centers, multi-cloud, and remote offices to assure high-quality user experiences anywhere. Scalable and simplified packet-data visibility and analysis is easy to deploy, manage, and fit into your organization’s budget. -
19
WireEdit
Omnipacket
WireEdit allows WYSIWYG editing of Pcap data in situ for any network stack at any stack layer while preserving the binary integrity of the data. Data editing is done in a break-proof manner with the lengths, checksums, offsets, and other inter and intra-packet dependencies recalculated on-the-fly for all affected packets and protocol layers. One could think of WireEdit as a Microsoft Word™ for captured network data. All other packet editing tools are very limited in their ability to edit binary encoded stack layers above TCP/UDP without breaking packets' integrity. WireEdit is a full-stack packet editor by design. It doesn't break packets' integrity at any layer. WireEdit with IETF protocols support is $95/day (24 hours). Other packages/durations as well as site licenses are available. WireEdit is a proprietary, enterprise level captured network traffic editor. Full support for all 4G/LTE 3GPP Mobile Core protocols and interfaces including SS7, RANAP, DIAMETER, and VoLTE.Starting Price: $95 per day -
20
Trisul Network Analytics
Trisul Network Analytics
In today's bandwidth unconstrained, encrypted, cloud-centric networks you can no longer separate traffic analytics from security and investigation activities. Trisul helps organizations of all sizes deploy full-spectrum deep network monitoring which can serve as a single goto source of truth for performance monitoring, network design, security analytics, threat detection, and compliance. Traditional approaches based on SNMP, Netflow, Agents, or Packet Capture have a narrow focus and rigid vendor-supplied analytics. Trisul is the only platform that provides a rich and open platform you can innovate upon. Includes a tightly integrated backend datastore and a web UI. Yet, open enough to plug into a different backend or to drive Kibana, Grafana UIs. Our design goal is to pack as much performance as we can in a single node. For larger networks scale out by adding more probes and hubs.Starting Price: $950 one-time payment -
21
Junos Traffic Vision
Juniper Networks
Junos Traffic Vision is a licensed traffic sampling application for MX Series 3D Universal Edge Routers. It provides details on network traffic flows that is useful for a wide variety of operations and planning activities. Junos Traffic Vision monitors packets as they are processed by the router, and captures details such as source and destination addresses, packet and byte count information. These details are aggregated and exported in a standards-based format for analysis and presentation by Juniper and third-party-based tools that support usage-based accounting, traffic profiling, traffic engineering, attack and intrusion detection, and SLA monitoring. Implemented inline and on service cards that provide high performance and scale, Junos Traffic Vision can be deployed in both active and passive configurations and can take place alongside lawful intercept filtering and port mirroring without impacting performance. -
22
cPacket
cPacket Networks
cPacket enables network-aware application performance and security assurance for the distributed hybrid-IT environment. Our single-pane-of-glass analytics power advanced machine learning-based AIOps. With cPacket, you can efficiently manage, secure and future-proof your network enabling digital transformation. The industry’s most complete, yet simple, network visibility stack provides all the components you need to manage your hybrid network across branch, data center and the cloud.Starting Price: cVu-V - $21,000/year -
23
FlowCoder
Omnipacket
FlowCoder is a WYSIWYG programming framework for prototyping, debugging, validation, fuzzing as well as functional, load, and security testing of computer networks. It allows building packets for a variety of network protocols, sending them on the wire, receiving and analyzing incoming network traffic, matching requests with replies, keeping and changing the state and much more. Local execution is the simplest case. All packets sent by FlowCoder originate on a local host. Packets coming back in response are processed there as well. Only FlowCoder IDE components run locally. A flowchart, once created, is shipped for execution to a cloud running multiple instances of the flowchart processor engine. Packets are originated and processed in a cloud. The local user gets back diagnostics and statistical data. Playing MITM in a cloud. Flowchart sees the packets passing between a pair of network end-points, and could modify them at any stack layer. -
24
StreamGroomer
Streamcore
StreamGroomers monitor and regulate the traffic across Wide Area Networks (WAN). StreamGroomers integrate transparently, regardless of network architecture, between the LAN and WAN access router and are administered via an out-of-band management network. Continuous service is ensured using high-availability architectures. StreamGroomers analyze network traffic at wire speed, collecting comprehensive measurements and packet data at distributed points in your network. Indicators are calculated from this data in real-time to show current network performance. This data is aggregated and sent to a central repository with minimal network overhead, enabling fast drill down analysis and troubleshooting as well as providing detailed records for forensics. The StreamGroomer’s Deep Packet Inspection analyzes Layer 2-7 packet data to identify applications and user sessions against a predefined catalog of 400+ services. -
25
BitTorrent
BitTorrent
The world's biggest distributed network, powered by BTT. BTT is a TRC-10 utility token based on the blockchain that powers features of the most popular decentralized protocols and applications in the world. DApps powered by BTT includes BitTorrent Speed, BitTorrent File System, DLive, and others in the pipeline. BitTorrent Speed is available as a feature of BitTorrent and µTorrent Web, as well as µTorrent Classic. With BitTorrent Speed enabled, downloaders will have the option of providing tokens to uploaders in exchange for faster download speed. By introducing an incentive of earning BTT tokens, uploaders have a reason to seed files longer and to dedicate more of their bandwidth and storage to other torrent clients in the network. BTT, which serves as a crypto torrent token in BitTorrent Speed, is responsible for powering a healthier BitTorrent protocol. BitTorrent Speed automatically bids BitTorrent (BTT) to other users for faster speeds. Just use the torrent program like normal. -
26
Nping
Nmap
Nping is an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping's novel echo mode lets users see how packets change in transit between the source and destination hosts. That's a great way to understand firewall rules, detect packet corruption, and more. -
27
EndaceProbe
Endace
EndaceProbes provide Scalable, Always-On, Hybrid Cloud packet capture that enables SOC, NOC and IT teams to quickly investigate and resolve cybersecurity and network performance issues: * Bring clarity to every incident, alert or issue with an open packet capture platform that integrates with all your commercial, open source or custom-built tools. * See exactly what’s happening on the network so you can investigate and defend against even the toughest security threats. * Capture vital network evidence, so you can quickly resolve Network and Application Performance issues or outages. The EndaceProbe Platform brings tools, teams and workflows together into an integrated ecosystem: * Full Packet Capture data available at your fingertips from all your tools. * Built into existing workflows so teams don’t have to learn more tools. * A powerful open platform to deploy your favorite security or monitoring tools on. -
28
ARIA SDS Packet Intelligence
ARIA Cybersecurity Solutions
The ARIA Packet Intelligence (PI) application gives OEMs, service providers, and security professionals a better way to use SmartNIC technology to support two important use cases: advanced packet-level network analytics and cyber-threat detection, response, and containment. Network analytics: ARIA PI provides complete visibility into all network traffic and feeds valuable analytics data to packet delivery accounting tools, quality of service systems, and SLA monitoring applications. All of this helps companies provide better service and maximize revenues tied to usage-based billing. Cyber-threat detection, response, and containment: ARIA PI also feeds metadata to threat detection tools for complete visibility into all network traffic, including east-west data flows. This improves the effectiveness of existing security solutions, such as SIEMs and IDS/IPS tools, and gives security teams a better way to detect, respond, contain, and remediate even the most advanced cyber threats. -
29
WAN Killer
SolarWinds
It’s often not enough to focus on latency or bandwidth utilization. Network stress testing can reveal how spikes in packet levels may impact network device performance. The WAN Killer tool in Engineer’s Toolset serves as a network stress tester by generating and sending packets to provide a realistic idea of how devices would perform in the event of sudden or extreme jumps in traffic. The information you get from a network stress test can help you figure out how to strengthen your infrastructure before serious issues occur. Being able to simulate network traffic means you can take a proactive approach to managing network performance, which is useful if, for instance, you plan to roll out a new application to your network. You can also send simulated traffic to see if your application’s traffic will receive appropriate priority. If not, you can find and resolve the issues that may stand in the way of providing the best quality of service. -
30
Nagios Network Analzyer
Nagios Enterprises
Network Analyzer provides an in-depth look at all network traffic sources and potential security threats allowing system admins to quickly gather high-level information regarding the health of the network as well as highly granular data for complete and thorough network analysis. Network Analyzer provides a central view of your network traffic and bandwidth data as well as potential network compromises. The powerful home dashboard provides an at-a-glance view of critical netflow or sflow data sources, server system metrics, and abnormal network behavior for quick assessment of network health. Users can easily drill down to see specific information on individual IPs, source port, destination port, or any combination thereof. Network Analyzer’s advanced alerting and reporting capabilities provide IT staff with superior awareness of their network. Highly granular, down-to-the-packet data can be accessed and archived for further tracking and analysis.Starting Price: $1995.00 -
31
6WINDGate
6WIND
In the 6WINDGate software architecture, the control plane and data plane are separate. Within the data plane, the 6WINDGate fast path runs isolated from the Linux operating system on a dedicated set of processor cores. The fast path protocols process the majority of network packets without incurring any of the Linux overheads that degrade overall performance. The fast path implements a run-to-completion model whereby all cores run the same software and can be allocated as required according to the necessary level of packet processing or Linux application performance. Only those rare packets that require complex processing are forwarded to Linux, which performs the necessary management, signaling and control functions. Packet processing information that is configured or learned (through control plane protocols) in Linux is automatically and continuously synchronized with the fast path so that the presence of the fast path is completely transparent to Linux and its applications. -
32
Tessabyte Throughput Test
Netmantics
Tessabyte Throughput Test is an application for testing the performance of a wireless or wired network. This utility continuously sends TCP and UDP data streams across your network and computes important metrics, such as upstream and downstream throughput values, packet loss, and round-trip time, and displays the results in both numeric and chart formats. It supports both IPv4 and IPv6 connections and allows the user to evaluate network performance depending on the Quality of Service settings. In addition to this core functionality, the application can generate reports, conduct pre-scheduled tests, and allows payload customization. Tessabyte can be used for capacity testing, link quality analysis, testing network congestion, WLAN performance evaluation, Quality of Service (QoS) assessment, firmware and hardware updates validation, network topology planning, comparative benchmarking, load balancing verification, SLA compliance verification, and hardware compatibility testing.Starting Price: $0 -
33
ZoneRanger
Tavve
ZoneRanger enables network operations teams to fully extend their management applications to networks that are traditionally hampered by security restrictions. Now, 100% of management traffic of any protocol type can be captured safely, offering network operations complete visibility to the networks they manage. Deep packet inspection (DPI) offers enhanced security, secure remote airgap network monitoring, and narrower attack surface through minimized open firewall ports in your network, reducing the need for rule change management and the likelihood of human error. Confidently deploy management applications into traditional DMZ, hybrid-trust, and zero trust networks, providing transparency to management applications and end-devices, statistical analysis of UDP traffic, and accelerated network onboarding – especially useful for managed services providers or large company mergers/divestures. -
34
Snort
Cisco
Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users. Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike. Once downloaded and configured, Snort rules are distributed in two sets: The “Community Ruleset” and the “Snort Subscriber Ruleset.” The Snort Subscriber Ruleset is developed, tested, and approved by Cisco Talos. Subscribers to the Snort Subscriber Ruleset will receive the ruleset in real-time as they are released to Cisco customers. -
35
Telesoft CERNE
Telesoft
With the rise in the global datasphere only set to accelerate with the advances in IoT and 5G technology, the cyber threat landscape will also continue to grow. Our intrusion detection system, the CERNE, helps protect, secure and guard our customers from attack. The CERNE provides real-time monitoring and historical intrusion detection capabilities helping security analysts detect intrusions, identify suspicious activity and monitor network security by storing IDS alert traffic while reducing unnecessary storage. The Telesoft CERNE combines a high rate 100Gbps IDS engine with an automated record of relevant network traffic for real-time and historical threat investigation and digital forensics. CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event. -
36
EMCO Ping Monitor
EMCO Software
EMCO Ping Monitor software helps you monitor the up/down state and the connection quality of network devices. The tool can send you notifications when the host state or the connection quality of the monitored hosts changes. For every host, the program collects detailed statistics including the uptime, outages, latency, and other monitoring metrics, so you can analyze the host performance during any historical period and generate detailed reports. The program is designed to automatically ping network hosts and detect their outages and connection quality problems. It uses ICMP pings to detect the up/down status of the monitored hosts and estimates their real-time connection quality based on packet loss, latency, and jitter metrics. The program stores information about every ping and allows you to get detailed statistics for any host during any historical period, such as the list of outages, uptime percent, average latency, latency deviation, etc. -
37
Cryptomage
Cryptomage
Threat detection provides deep inspection of every single network packet including transported data with: Network protocol discovery and validation – easily check unknown and hidden protocols. Machine Learning algorithms – proactive traffic risk-scoring. Network steganography detection of hidden network traffic, including data leaks, espionage channels, and botnets. Proprietary steganography detection algorithms – effective way of uncovering methods of hiding information. Proprietary steganography signature database – comprehensive collection of known network steganography methods. Forensics to better measure the ratio of security events against source of traffic. Extraction of high-risk network traffic – easy to analyze and focus on specific threat levels. Storage of processed traffic metadata in extended format – faster trend analysis. -
38
NetVizura NetFlow Analyzer
Soneco
NetFlow Analyzer is an easy solution for net admins to better understand bandwidth consumption, traffic trends, applications, hosts and traffic anomalies, by visualising the traffic by network devices, interfaces and subnets, traffic segments and end users. NetFlow Analyzer utilizes Cisco® NetFlow, IPFIX, NSEL, sFlow and compatible netflow-like protocols to help net admins with bandwidth monitoring, network traffic investigation, analyses and reporting. This way, companies can optimise networks and applications, plan network expansion, minimize time spent on troubleshooting and diagnostics, and improve security. NetVizura allows you to define custom traffic to be monitored based on IP subnets and traffic characteristics like protocol and service used. Monitor specific traffic for each organisational unit in your network such as departments, remote sites and collections of regional offices by identifying them with IP subnets. -
39
LanTopoLog 2
Yuriy Volokitin
- Automatic physical network topology discovery based on SNMP - Provide detailed and searchable physical network topology map - LanTopoLog Switch Port Mapper tool maps the physical port connections of a switch to MAC and IP addresses of the attached devices - Shows VLAN assignment, port status, port's current speed, LACP/LAG ports - Detecting new devices in the network and notifying of this event - Display the Spanning Tree Status and STP events - Icon context menu for custom command - Monitoring device's state (active/inactive) in real-time using ICMP - Generating alarms when there are failures in the network - E-mail alerts notifying - Web browser-based access from anywhere in the network - LanTopoLog uses WMI queries to collect computer inventory information - Resolve ip to name, export computer list to csv file - Monitoring invalid and dropped packets (ifInErrors, ifInDiscards) - Notify the administrator when traffic thresholds are exceeded - Easy-to-use interfaceStarting Price: $50.00/one-time -
40
Scapy
Scapy
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks, or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel), etc. Scapy runs natively on Linux, Windows, OSX, and on most Unixes with libpcap. The same code base now runs natively on both Python 2 and Python 3. Scapy development uses the Git version control system. Scapy reference repository is hosted on GitHub.Starting Price: Free -
41
Ostinato
Ostinato
Whether you are testing circuit bandwidth, storm control, L2/L3 forwarding, QOS, load balancing, SD-WAN application policies, multicast snooping or any of the other myriad things network engineers do during their day, you need to test with traffic - in lab or production. The networking industry has the gold-standard Ixia/Spirent traffic generator hardware. You may even have used them at work. Thousands of network engineers are using Ostinato to verify and troubleshoot their networks. Create packets from scratch - specify protocols and protocol fields to match your requirements. Configure and control multiple traffic-generating agents from a single controller. Fully featured Python API for scripting and automation - anything you can do via the GUI, you can do via the API (the GUI is built on top of the API).Starting Price: $149 per year -
42
Yandex Network Load Balancer
Yandex
Load Balancer uses technologies running on Layer 4 of the OSI model. This lets you process network packets with minimum delay. You set rules for TCP or HTTP checks and load balancers monitor the status of cloud resources. Resources that fail the check aren’t used. You pay for the number of load balancers and the amount of incoming traffic. Outgoing traffic is charged the same as other Yandex Cloud services. Load balancers distribute load based on the client address and port, resource availability, and network protocol. If the instance group parameters or members change, the load balancer adjusts automatically. When incoming traffic changes abruptly, you don’t need to reconfigure the load balancers. -
43
Cyberoam
Sophos
Cyberoam offers a complete virtual security solution to organizations with its virtual network security appliances (Next-Generation Firewalls/UTMs), virtual Cyberoam Central Console for centralized management, and Cyberoam iView software for centralized logging and reporting. The Xstream architecture makes traffic handling more efficient with a high-performance single streaming DPI engine and greatly improved TLS Inspection throughput. The dedicated Xstream Flow Processor in every XGS Series appliance offloads SaaS, SD-WAN, and cloud traffic at the hardware level, reducing the burden on the main CPU. This accelerates performance by adding headroom for TLS 1.3 decryption, deep packet inspection, and more. -
44
PacketStream
PacketStream
PacketStream's multi-hop proxy tunnel enables businesses automation tooling to access more reliable data and unlock geolocation-restricted content. Access the network with your existing data-collection tooling, or use one of PacketStream's marketplace apps. Packeters share their unutilized bandwidth with the PacketStream network and get paid for participating. The PacketStream service measures the amount of bandwidth shared and credits your account accordingly. Anonymously view landing pages from residential IPs without being cloaked to ensure they don't contain malware or improper advertising. PacketStream's exclusive residential IP network helps your business grow faster with less resources. Business automation tooling gives your company greater insights into what competitors are doing, expands your brand's reach, and ensures your brand's safety around the web.Starting Price: $0.10 per GB -
45
SentryWire
SentryWire
SentryWire is a full packet capture appliance and network security monitoring platform built for total network visibility across enterprise, federal, and ICS/OT environments. It retains weeks, months, or years of full-fidelity packet capture data so security teams never lose critical visibility and can investigate threats long after other tools have aged out. It captures, indexes, and retains complete packet data at scale using commodity hardware, distributed storage, and a modular architecture that supports environments ranging from lightweight virtual deployments to enterprise-scale clusters. Unlike packet sniffers that focus only on headers or metadata, SentryWire stores the entire packet stream for forensic replay, deep packet inspection, retrospective analysis, and extended historical investigation. It supports capture rates from 1 Mbps to more than 1 Tbps, with real-time logging, filtering, compression, visualization, and advanced BPF-syntax analysis. -
46
FortiGate IPS
Fortinet
Comprehensive threat protection with a powerful intrusion prevention system. An intrusion prevention system (IPS) is a critical component of every network’s core security capabilities. It protects against known threats and zero-day attacks including malware and underlying vulnerabilities. Deployed inline as a bump in the wire, many solutions perform deep packet inspection of traffic at wire speed, requiring high throughput and low latency. Fortinet delivers this technology via the industry-validated and recognized FortiGate platform. FortiGate security processors provide unparalleled high performance, while FortiGuard Labs informs industry-leading threat intelligence, which creates a proven success in protecting from known and zero-day threats. As a key component of the Fortinet Security Fabric, FortiGate IPS secures the entire end-to-end infrastructure without compromising performance. -
47
NetOmni
Niksun
At NIKSUN, we believe managing all aspects of global network monitoring and incident response is essential to every organization. With NIKSUN NetOmni™, you are provided with the capability to instantly gauge the health of your network - all from a single access point. NIKSUN NetOmni™ collects information (e.g., Logs, NetFlow, SNMP, Packets, etc) from all network applications, services, and their underlying infrastructure and prioritizes key service delivery, security, and compliance metrics. This enables powerful correlated dashboards and workflows from a single pane of glass. Visualize data for a multi-NIKSUN deployment (physical, virtual, or hybrid) from a single pane of glass. Store data for months and years for historical and forensic traceability. Centralized web-based management console for physical, virtual, and cloud infrastructure unifying distributed NIKSUN intelligence. Live dashboard updates, delivering real time views of network and application health. -
48
Omnipeek
LiveAction
Omnipeek is a network protocol analyzer from LiveAction designed to deliver deep packet analysis and rapid troubleshooting on Windows systems. It captures and analyzes packet data in real time to help identify network, application, and security issues. Omnipeek provides intuitive visualizations that make complex network data easy to understand and act on. The platform records exactly what happened on the network, enabling detailed forensic analysis after incidents occur. Built-in expert analysis automatically detects hundreds of common network problems and triggers alerts when policies are violated. Omnipeek supports voice, video, wireless, and high-speed networks, including multi-gigabit environments. It is designed to significantly reduce mean time to resolution for even the most complex network issues. -
49
Voipfuture
Voipfuture
Voipfuture is a carrier-grade voice service monitoring and analytics platform designed to provide deep, real-time visibility into the performance and quality of Voice over IP services across complex networks. Its core solution, Qrystal, continuously analyzes both signaling and media traffic, delivering a unique “dual visibility” approach that enables organizations to understand not only whether a call is connected but also the actual in-call user experience. It processes and inspects every packet flowing through the network, using patented RTP time-slicing technology to generate detailed metrics such as jitter, packet loss, and mean opinion score with high temporal resolution. These metrics are aggregated into actionable KPIs and Quality Data Records, allowing teams to monitor performance, detect impairments such as dropped or one-way calls, and identify root causes quickly. -
50
Packet Sender
Packet Sender
Packet Sender can send and receive UDP, TCP, and SSL on the ports of your choosing. It also has a built-in HTTP client for GET/POST requests and Panel Generation for the creation of complex control systems. by sending customers a portable Packet Sender with pre-defined settings and packets. Create single-button panels that trigger a series of commands for control systems.Starting Price: Free
