Monitoring Network Packets in Windows 2000 or 2003 Server

Netmon (Network Monitor) is a convenient way to observe packets arriving at and leaving a Windows host. Trends can be spotted, such as HTTP traffic, DHCP acknowledgements ("acks") or the NetBIOS/SMB browser broadcasts that Windows machines emit. Netmon is simplistic compared to the likes of tcpdump, but it is useful.

NOTE: Netmon version 3.0 and later is available. More on this coming soon.

Netmon must be installed, like all optional Windows 2000 components, via Add/Remove Programs. It is listed under Management and Monitoring Tools in Add/Remove Windows Components.

Getting Started... It is always wise to read the Help documentation. A search for "Network Monitor" yields a lot of information, including an excellent Overview. For example, to find the "largest broadcaster" on a network:

Open Netmon: Start / Run, type 'netmon'. The program lives in C:\WINNT\system32\NETMON, where netmon.exe sits alongside a Parsers folder containing numerous .DLLs, one per protocol seen on a network. These parsers decode the individual protocols in captured frames, which is what lets Netmon display a specific protocol's fields during or after a capture session.

Standard view (below) in Netmon after opening netmon.exe. When the "Start Capture" arrow is clicked, something like the following appears, with activity in the background. Note the statistics being measured: frames per second, bytes received, percentage of network utilization, and so on. Packets are being captured:

Use the Zoom Pane:

The Zoom Pane toggles amongst the various windows within Netmon (below):


More toggling: the "Station Statistics" pane (note the sort by highest Broadcasts Sent):
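The "largest broadcaster" question from Getting Started and the Station Statistics pane above are the same computation: for every source MAC, count the frames it sent to the broadcast address and sort. The following Python script is an added example (it is not from this page and not Microsoft's Netmon code) that does that tally over a classic pcap byte stream, classifying each frame as broadcast, multicast or unicast by its destination MAC and labelling the EtherType the way Netmon's parsers would. The sample capture is constructed inline so the script runs offline; the function and MAC names are the example's own.

```python
"""Per-station traffic statistics from a classic pcap byte stream.

Added example, not part of the original page or of Netmon. It mirrors what
Netmon's "Station Statistics" pane computes. SAMPLE_PCAP is constructed
below for the demo; pass the bytes of a real Ethernet pcap instead.
"""
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x86DD: "IPv6"}
PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps


def iter_frames(pcap: bytes):
    """Yield the raw link-layer bytes of each record in a classic pcap."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:    # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:            # DLT_EN10MB: only Ethernet is handled here
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl_len]
        if len(frame) < incl_len:  # truncated final record: stop, do not mis-parse
            break
        off += incl_len
        yield frame


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def station_statistics(pcap: bytes) -> dict:
    """Per source MAC: broadcast/multicast/unicast frame counts and an
    EtherType breakdown (the rough equivalent of Netmon's parser labels)."""
    stats = defaultdict(lambda: {"broadcast": 0, "multicast": 0, "unicast": 0,
                                 "protocols": defaultdict(int)})
    for frame in iter_frames(pcap):
        if len(frame) < 14:      # runt frame without a full Ethernet header
            continue
        dst, src = frame[:6], frame[6:12]
        ethertype = struct.unpack("!H", frame[12:14])[0]
        entry = stats[mac_str(src)]
        if dst == BROADCAST:
            entry["broadcast"] += 1
        elif dst[0] & 1:         # I/G bit set: group (multicast) address
            entry["multicast"] += 1
        else:
            entry["unicast"] += 1
        entry["protocols"][ETHERTYPES.get(ethertype, "0x%04x" % ethertype)] += 1
    return stats


def top_broadcasters(stats: dict, n: int = 3) -> list:
    """Stations ordered by broadcast frames sent, highest first (the sorted
    "Broadcasts Sent" column of the Station Statistics pane)."""
    ranked = sorted(((mac, s["broadcast"]) for mac, s in stats.items()),
                    key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Minimal 60-byte Ethernet frame (constructed test data)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def build_pcap(frames) -> bytes:
    """Assemble a little-endian Ethernet pcap from raw frames (constructed test data)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out


# Constructed sample (hypothetical MACs): A chatters ARP broadcasts, B sends
# one broadcast plus unicast, C sends only multicast and unicast.
MAC_A = b"\x00\x11\x22\x33\x44\x01"
MAC_B = b"\x00\x11\x22\x33\x44\x02"
MAC_C = b"\x00\x11\x22\x33\x44\x03"
SAMPLE_PCAP = build_pcap([
    build_frame(BROADCAST, MAC_A, 0x0806),
    build_frame(BROADCAST, MAC_A, 0x0806),
    build_frame(BROADCAST, MAC_A, 0x0806),
    build_frame(BROADCAST, MAC_B, 0x0806),
    build_frame(MAC_A, MAC_B, 0x0800),
    build_frame(b"\x01\x00\x5e\x00\x00\xfb", MAC_C, 0x0800),  # IPv4 multicast group
    build_frame(MAC_B, MAC_C, 0x0800),
])

if __name__ == "__main__":
    stats = station_statistics(SAMPLE_PCAP)
    for mac, count in top_broadcasters(stats):
        print(f"{mac}  broadcasts sent: {count}  protocols: {dict(stats[mac]['protocols'])}")
```

On the sample the first line printed is station 00:11:22:33:44:01 with three broadcasts, which is exactly the row Netmon would sort to the top of the Broadcasts Sent column. Note that the multicast test uses the I/G bit of the destination rather than a fixed prefix, so IPv6 (33:33:...) and IPv4 (01:00:5e:...) group traffic are both kept out of the broadcast count, which is what you want when hunting a noisy broadcaster.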

Start fresh. Go to Capture / Addresses. Rhody is a server with two network interface cards (one facing the outside world, the Internet, and one facing the internal network). To monitor the public interface, select the public IP address:

Summary (go to Capture, then Stop and View):

Some of the remaining features are only available in the full Network Monitor that ships with Microsoft Systems Management Server (SMS), such as Resolve Addresses From Name and Find Routers. More importantly for anyone relying on it as a sniffer, the version bundled with Windows 2000 and 2003 captures only frames sent to or from the local machine (plus the broadcasts and multicasts it receives); it cannot capture the rest of the segment's traffic or capture from a remote agent, which the SMS version can.