- The Windows 2000\XP\.NET Resource Index

Last Updated December 16, 2003

Network Monitoring

Troubleshooting network problems often involves the use of a protocol analyzer, and Microsoft provided one in a utility called NetMon, which allows administrators to capture traces for analysis of problems. (A stripped-down version of NetMon was included with every shipping copy of NT Server 4.0, but you can get the full version from the SMS CD-ROM.)
Recommended Books:

Network Monitoring and Analysis : A Protocol Approach to Troubleshooting
By Ed Wilson, published by Prentice Hall, December 1999, Paperback 359 pages, ISBN 0130264954.
One of the few books available that focuses almost entirely on Windows NT, this book is invaluable. It starts with a detailed overview of the major protocols, SMB, and the OSI model, followed by a network analysis and optimization section that looks at network traffic from every perspective (client, server, application, and service). It also includes a full chapter dedicated to using the NetMon utility, and concludes with common troubleshooting and security issues. The CD-ROM includes sample capture files showing real network traces, custom filters for Microsoft Network Monitor troubleshooting, and batch files that trigger unattended Netmon sessions.
Where to Start:
How to Install Network Monitor in Windows 2000
Microsoft Knowledge Base Article: 243270 - Network Monitor is a tool to monitor and capture network traffic. It is useful when you are troubleshooting networking problems, and is capable of monitoring for specific network events. This article describes how to install Network Monitor

Network Analysis Tools
A look at a few third-party utilities available for Windows NT, by Tom Yager. Source: Windows NT Systems (June 1999)

Network Management and Monitoring
Sample Chapter 5 from Windows NT, Heterogeneous Networking, published by MacMillan Technical Publishing. What you need to know to manage and monitor your network: utilities and tools you need, plus a discussion of the SNMP manageable agent included with Windows NT.

Network Monitor Basics
Understand Network Monitor's basic capabilities, learn how to use its features, and discover Network Monitor 2.0's new features. Source: Windows 2000 Magazine (May 2000)

Network Monitoring with SMS
To diagnose network problems, systems administrators generally use a network monitoring tool, sometimes known as a protocol analyzer. When you install SMS, the Network Monitor component installs on your BackOffice server by default. To install the Monitor Agent into your system's network configuration, you must manually run the Network configuration program from the Control Panel and add the Monitor Agent. Source: Windows & .NET Magazine (July 1997)

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
This article will offer a brief overview of passive network monitoring, which can offer a thorough understanding of the network's topology: what services are available, what operating systems are in use, and what vulnerabilities may be exposed on the network. Source: SecurityFocus

A Newbie Meets NT's Network Monitor
Installing Network Monitor: The version of Network Monitor that ships with NT Server is a trimmed-down version of the Network Monitor that ships with Systems Management Server (SMS). The NT version captures packets only on the machine it's installed on, and the SMS version captures packets from any system the Network Monitor Agent software is installed on. After you install Network Monitor, you see a Monitoring Agent applet in Control Panel. Source: Windows & .NET Magazine (June 1997)

Useful Articles:

Additional Network Monitor Parsers Included in the Microsoft Windows 2000 Server Resource Kit
Microsoft Knowledge Base Article: 280503 - Microsoft Windows 2000 Server Resource Kit includes the following new Microsoft Network Monitor parsers that can be useful for troubleshooting issues with Microsoft Windows 2000:

Application Testing with Network Monitor
Through proactive network testing, you can measure how applications function under various network conditions. Use the Network Monitor tool that comes with NT Server to test an application's throughput on your network. Network Monitor consists of an agent, which sends packets to the Network Monitor buffer, and tools, which interpret and report data the agent gathers. Source: Windows & .NET Magazine (Sept 1998)

Description of Experts in Network Monitor 2.0
Microsoft Knowledge Base Article: 233032 - Network Monitor 2.0 includes six experts. Experts are tools to help you analyze data by using built-in parsers. These tools automate time-consuming tasks (such as looking for TCP retransmissions). 

How to Automate Network Captures with Network Monitor
Microsoft Knowledge Base Article: 158744 - Network Monitor gives you the ability to automatically begin capturing network information upon starting the application. This is done by using command-line parameters that can be passed to the program. 

How to Capture Network Traffic with Network Monitor
Microsoft Knowledge Base Article: 148942 - The purpose of this article is to provide you with the information needed to capture network traffic from a local area network using Microsoft's Network Monitor. The text of this article comes directly from the Network Monitor's Help file 

HOW TO: Capture WAN Traffic with Network Monitor in Windows
Microsoft Knowledge Base Article: 301989 - This step-by-step article describes how to capture Wide Area Network (WAN) traffic with Network Monitor. While collecting information from the network's data stream, Network Monitor displays the following types of information:

How to Enable PPTP Port for Network Monitor
Microsoft Knowledge Base Article: 164601 - If you use Network Monitor in Systems Management Server version 1.2 or Network Monitor from the Windows NT Server version 4.0 compact disc, you will not be able to view Point-to-Point Tunneling Protocol (PPTP) or General Routing Encapsulating

How to Enable Radius Port for Network Monitor
Microsoft Knowledge Base Article: 230786 - If you use Network Monitor in Systems Management Server version 1.2 or Network Monitor from the Windows NT Server version 4.0 compact disc, you are not able to view Radius packets. 

How to Filter on TCP Header Information Using Microsoft Network Monitor
Microsoft Knowledge Base Article: 231920 - This article describes how to apply filters in Microsoft Network Monitor to view Transmission Control Protocol (TCP) header information in the Capture Summary window. 

How to Modify Network Monitor Capture Buffer Settings
Microsoft Knowledge Base Article: 231947 - When you use Microsoft Network Monitor to capture network traffic, the capture buffer size must be large enough to save the desired traffic. 

HOW TO: View a System Monitor Log 
Microsoft Knowledge Base Article: 243423 - This article describes how to view a system monitor or performance monitor log. 

Netmon 2.0 Able To Read the Netmon 1.x Captures
Microsoft Knowledge Base Article: 200332 - The version of Network Monitor that ships with Systems Management Server (SMS) 2.0 is completely backward compatible with versions that shipped with previous versions of SMS. Not only is it able to read the capture from a previous version but it also offers many new features for analyzing the captured data 

Setting a Capture Filter to View Only Browser Frames in Network Monitor
Microsoft Knowledge Base Article: 224834 - This article describes how to set a capture filter to view only browser frames in Network Monitor. 

The Basics of Reading TCP/IP Traces 
Microsoft Knowledge Base Article: 169292 - This article covers some basic concepts and tips needed for reading TCP/IP traces. 

The Stats Frame in a Network Monitor Capture
Microsoft Knowledge Base Article: 232044 - This article describes the relevance and some possible uses for the information in the Stats frame of a Network Monitor capture. 

Using Network Monitor to Capture Traffic Using a Remote Agent
Microsoft Knowledge Base Article: 232247 - Microsoft Network Monitor gives you the capability to connect to other computers and capture traffic from another computer. You can do this across a router or a Remote Access Service (RAS) connection. 

Known Issues

Buffer Overflow in Network Monitor May Cause Vulnerability
Microsoft Knowledge Base Article: 274835 - When you use Network Monitor to capture data on your network, a malicious user may be able to send malformed data that can run a program or file on your computer or cause Network Monitor to stop responding (hang). 

Cannot Capture Outbound Frames with Network Monitor 2 on a Token Ring Network 
Microsoft Knowledge Base Article: 264715 - You may not be able to use Network Monitor version 2 to capture outbound frames from the local computer on your Token Ring network. This problem exists because of the following conditions: 

Digital Network Port Monitor Not Included with Windows 2000
Microsoft Knowledge Base Article: 196644 - The Digital Network Port monitor is not included on the Windows 2000 CD-ROM. To use these ports in Windows 2000, you must upgrade from a version of Microsoft Windows NT that has the Digital Network Port monitor installed before you upgrade. 

Network Monitor 2.0 from SMS CD-ROM Does Not Run in Windows 2000
Microsoft Knowledge Base Article: 233191 - Network Monitor 2.0 from the Systems Management Server version 2.0 CD-ROM does not run in Windows 2000. When you try to run this version of Network Monitor, it reports that no network adapters are found. 

Network Monitor Fails to Connect to Remote Alpha-based Agent
Microsoft Knowledge Base Article: 218978 - After you apply Windows NT 4.0 Service Pack 4 to an Alpha-based computer, the following events are logged in Event Viewer:

Network Monitor Incorrectly Filters MAC Address 
Microsoft Knowledge Base Article: 264716 - When you set a capture filter in Network Monitor to capture only frames that are sent to the active monitor address on a Token Ring network, you may also see frames that are sent to the broadcast address in the resultant capture.

Network Monitor Incorrectly Parses WINS Registration TTL
When parsing the output of a successful Windows Internet Naming Service (WINS) server response to a client name registration in Microsoft Network Monitor 2.0, the Time to Live (TTL) record is incorrectly displayed in milliseconds. It should be displayed in seconds.

SMS Network Monitor 1.2 Does Not Work with Network Monitor Agent 2.0
Microsoft Knowledge Base Article: 198380 - When you try to run SMS Network Monitor 1.2 in Windows 2000, the program may be unable to find a network driver to begin the capture. This behavior can occur when Network Monitor Agent 2.0 is installed instead of Network Monitor Agent 1.2. 

Network Segment Object Has Been Removed from System Monitor
Microsoft Knowledge Base Article: 253790 - In Windows 2000, installing Network Monitor does not add the Network Segment object in System Monitor as in Microsoft Windows NT. 

You Are Unable to Filter Between Two Internet Protocol Addresses in Network Monitor 2.0 
Microsoft Knowledge Base Article: 279354 - After you set a capture filter in Network Monitor version 2.0 to filter between a pair of Internet Protocol (IP) addresses, no frames are captured. Also, this may occur even when there is IP traffic being sent to and from the IP addresses that you specified in the capture filter.

Entire contents
1999-2003 and TechTarget
All rights reserved
