Network Monitor 2008

Troubleshooting complex problems requires gaining insight into the inner workings of an application. When you are troubleshooting network problems, one of the best ways to gain insight is to capture and analyze the network communications using a protocol analyzer.
Microsoft provides Network Monitor, a powerful protocol analyzer. Network Monitor is not included with Windows, but you can download it for free from the Microsoft Download Center at http://www.microsoft.com/downloads. After visiting that page, search for “Network Monitor.”

When the download has completed, double-click the installer package. Click Yes to continue. Click Next to continue. Accept the EULA, then click Next to continue. Click Install. Click Finish. Network Monitor configuration continues.

The installation process adds the Network Monitor 3 Driver to each network adapter, including VPN and remote access adapters. You must install and enable this driver before Network Monitor can collect data from a network adapter.

To launch Network Monitor, select Start > Microsoft Network Monitor3 > Microsoft Network Monitor3, or click the desktop shortcut. Select a network adapter, then select Properties. The properties of the network adapter are displayed. Select P-Mode to enable promiscuous mode, which captures frames sent to computers other than your own. Click OK to continue. Select a New capture tab. Select Start. After a suitable period, select Stop. The captured data is now displayed.

The Summary Pane gives an account of each packet collected. The Detail Pane gives a review of the highlighted frame from the Summary Pane. The Hex Pane shows the data inside the packets, e.g. the MAC address. To view a particular frame, right-click it and select View selected frame in a New Window. The frame is now displayed.

Capturing Network Data Using a Command Prompt

To capture network traffic from a command prompt, switch to the Network Monitor installation folder (C:\Program Files\Microsoft Network Monitor 3 by default) and run the following command:
NMCap /network * /capture /file capture.cap
This captures all traffic on all network interfaces and saves it to a file named capture.cap.
When your capture is complete, press Ctrl+C to exit.

Data is being captured. When you are done capturing, press Ctrl+C. The data is processed and saved to the file. To view the captured data, open the file in Network Monitor.

Select Open Capture File. Select the file to be opened. The data is displayed.

To use a capture filter, type the filter in quotation marks after the /capture parameter. For example, the following command captures only DHCP traffic:
NMCap /network * /capture "DHCP" /file filename.cap

NMCap /network * /capture "DHCP" /file dhcp.cap

When you are done capturing, press Ctrl+C. The data is processed and saved to the file. To view the captured data, open the file in Network Monitor: select Open Capture File, then select the file to be opened. The data is displayed. Note that only DHCP data was captured.

To view a particular frame, right-click it and select View selected frame in a New Window. The frame is now displayed.

Network Monitor and NMCap require the Network Monitor driver to be installed; you cannot simply copy NMCap.exe to a computer that you need to capture from.
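
The driver requirement above can be checked before a capture is started. The following PowerShell script is an added example, not part of the original lesson: it confirms that NMCap.exe is in the default folder and that the Network Monitor 3 Driver is enabled on at least one adapter, then runs the lesson's DHCP capture. It assumes Get-NetAdapterBinding is available (Windows 8 / Server 2012 or later) and uses a hypothetical output path under the user's temp folder.

```powershell
# Added example, not part of the original lesson.
# Assumptions: default install folder from the lesson; Get-NetAdapterBinding
# is available (Windows 8 / Server 2012 or later); output path is hypothetical.
$nmDir   = 'C:\Program Files\Microsoft Network Monitor 3'
$nmcap   = Join-Path $nmDir 'NMCap.exe'
$outFile = Join-Path $env:TEMP 'dhcp.cap'   # hypothetical output location
$filter  = 'DHCP'                           # capture filter used in the lesson

# NMCap.exe must come from a real installation, not a copied binary.
if (-not (Test-Path -LiteralPath $nmcap)) {
    throw "NMCap.exe not found in $nmDir. Run the Network Monitor installer."
}

# The installer binds the Network Monitor 3 Driver to each adapter.
# Match on that display name and require at least one enabled binding.
$bound = Get-NetAdapterBinding |
    Where-Object { $_.DisplayName -like '*Network Monitor 3 Driver*' -and $_.Enabled }

if (-not $bound) {
    throw 'Network Monitor 3 Driver is not enabled on any adapter; NMCap cannot capture.'
}

# Show which adapters can be captured from.
$bound | Select-Object Name, DisplayName | Format-Table -AutoSize

# Same command as in the lesson. PowerShell passes the filter as a single
# argument, adding quotes itself if the filter contains spaces.
# The capture runs until you press Ctrl+C.
& $nmcap /network '*' /capture $filter /file $outFile
```

Run it from an elevated PowerShell prompt if the capture fails to start under a standard user account.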