Network Monitor

Network Monitor 3.3, a free download from http://www.microsoft.com/downloads/, is the most capable (and complicated) tool for analyzing network communications. Network Monitor is a protocol analyzer (commonly known as a sniffer) capable of capturing every byte transferred to and from a computer running Windows 7. An experienced system administrator can use Network Monitor to troubleshoot a wide variety of problems, including:

  • Network performance problems.
  • TCP connection problems.
  • IP protocol stack configuration problems.
  • Problems caused by network filtering.
  • Application-layer problems with text-based protocols, including Hypertext Transfer Protocol (HTTP), Post Office Protocol (POP), and Simple Mail Transfer Protocol (SMTP).

Network Monitor performs a significant amount of interpretation of captured information by separating the different protocols involved in network communications. Network Monitor can even interpret most common application-layer protocols. For example, when analyzing HTTP traffic, Network Monitor automatically identifies the packet containing the HTTP request and lists the request method, Uniform Resource Locator (URL), referrer, user agent, and other parameters included in the request. This information is extremely useful when troubleshooting compatibility problems with a specific browser.

To analyze network traffic by using Network Monitor, follow these steps:

  1. Download and install Network Monitor and then restart the computer to enable the Network Monitor driver for your network adapters.
  2. Click Start, click All Programs, click Microsoft Network Monitor 3.3, and then click Microsoft Network Monitor 3.3.
  3. Click New Capture.
  4. With the New Capture tab selected, click the Select Networks tab and select one or more network adapters.
  5. Click Start to begin capturing communications.
  6. Switch to the application from which you want to capture the network traffic and then perform the steps to generate the traffic. For example, if you want to capture a request to a Web server, switch to Windows Internet Explorer and enter the Web address. After you have generated the traffic that you want to capture, return to Network Monitor.
  7. On the Capture menu in Network Monitor, click Stop.
  8. On the Network Conversations page, click the application you want to monitor.
  9. In the Frame Summary pane, browse the captured frames. Click a frame to view its contents.

For example, consider a capture of a TCP connection and an HTTP request created by visiting a Web site with a browser. Because Iexplore.exe is selected in the Network Conversations pane, only frames sent to or from Internet Explorer are displayed. The Frame Summary pane lists the captured packets. The first three frames show the three-way TCP handshake. As you can see from the Frame Details pane, the selected frame shows Internet Explorer requesting / from the Web server. The following frame is the response, which is an HTTP 302 redirection to a different page. Frame 35 is Internet Explorer requesting the page to which it was directed, /en/us/default.aspx.
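The interpretation step described above, reproduced as an added example (not part of the original tutorial and not Network Monitor's own code): a small Python parser that reads raw TCP segments, labels the three-way handshake, and decodes the HTTP request fields and the 302 redirect. The port numbers, host name, and user-agent string in the sample capture are constructed for illustration.

```python
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP flag bits

def tcp_segment(sport, dport, flags, payload=b""):
    """Build a minimal 20-byte TCP header plus payload (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload

def parse_tcp(segment):
    """Return (src_port, dst_port, flags, payload) from a raw TCP segment."""
    sport, dport, _seq, _ack, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    header_len = (offset >> 4) * 4  # data offset is counted in 32-bit words
    return sport, dport, flags, segment[header_len:]

def parse_http(payload):
    """Decode a text-based HTTP message into the fields an analyzer would list."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    first, *lines = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines if ":" in l)}
    if first.startswith("HTTP/"):  # status line, so this is a response
        return {"type": "response", "status": int(first.split()[1]),
                "location": headers.get("location")}
    method, url, _version = first.split(" ", 2)
    return {"type": "request", "method": method, "url": url,
            "referrer": headers.get("referer"), "user_agent": headers.get("user-agent")}

def summarize(segments):
    """One summary entry per frame: TCP flag names, or decoded HTTP fields."""
    out = []
    for seg in segments:
        _sport, _dport, flags, payload = parse_tcp(seg)
        if payload:
            out.append(parse_http(payload))
        else:
            names = [n for n, bit in (("SYN", SYN), ("ACK", ACK)) if flags & bit]
            out.append({"type": "tcp", "flags": "+".join(names)})
    return out

# Constructed capture mirroring the sequence described in the text.
CAPTURE = [
    tcp_segment(49200, 80, SYN),
    tcp_segment(80, 49200, SYN | ACK),
    tcp_segment(49200, 80, ACK),
    tcp_segment(49200, 80, PSH | ACK, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0)\r\n\r\n"),
    tcp_segment(80, 49200, PSH | ACK, b"HTTP/1.1 302 Found\r\nLocation: /en/us/default.aspx\r\n\r\n"),
    tcp_segment(49200, 80, PSH | ACK, b"GET /en/us/default.aspx HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for number, entry in enumerate(summarize(CAPTURE), 1):
        print(number, entry)
```

Because HTTP is a text-based protocol, every header in the capture is readable as-is, which is what makes this kind of decoding possible without any keys.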
