Monitoring Traffic Between Two Computers

To use address pairs in a capture filter, first build an address database. You can then use the addresses listed in that database to specify address pairs in a capture filter.

For detailed steps about how to create an address database, see How to Create an Address Database in Network Monitor.

For detailed steps about how to monitor traffic between two computers, see How to Monitor Network Traffic Between Two Computers Using Network Monitor.

When troubleshooting network problems, you may need to create a capture of network traffic between two specific computers that are separated by one or more routers. In this case, you may want to analyze all network traffic between the first computer and its nearest router, and all network traffic between the second computer and its nearest router. Most of the time, this analysis determines whether network packets are being lost or corrupted somewhere between the routers. To make these traces consistent and to be able to read them side by side, the system clocks of the two computers must be synchronized before you capture the traces.
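
The comparison described above can be sketched in a few lines. This is an added example, not part of Network Monitor or the original documentation: it assumes each trace has been exported to records holding a timestamp, source, destination, IP ID and a payload digest, and that no address translation happens between the two capture points.

```python
from collections import namedtuple

# One captured IP packet; this field layout is an assumption for the example.
Packet = namedtuple("Packet", "ts src dst ip_id digest")

def address_pair(trace, a, b):
    """Keep only packets exchanged between hosts a and b, in either direction."""
    return [p for p in trace if {p.src, p.dst} == {a, b}]

def compare_traces(trace_a, trace_b, a, b, window=2.0):
    """Return (lost, corrupted) packets between the capture points near a and b.

    Packets are matched on source and IP ID. The IP ID wraps and is reused, so
    a match must also arrive within `window` seconds of being sent, which is
    only meaningful when both capture machines had synchronized clocks.
    """
    near = {a: address_pair(trace_a, a, b), b: address_pair(trace_b, a, b)}
    lost, corrupted = [], []
    for sender, receiver in ((a, b), (b, a)):
        sent = [p for p in near[sender] if p.src == sender]
        seen = [p for p in near[receiver] if p.src == sender]
        for p in sent:
            hits = [q for q in seen
                    if q.ip_id == p.ip_id and 0 <= q.ts - p.ts <= window]
            if not hits:
                lost.append(p)        # never reached the far capture point
            elif all(q.digest != p.digest for q in hits):
                corrupted.append(p)   # arrived, but the payload changed
    return lost, corrupted

# Constructed sample traces (addresses, IP IDs and digests are made up).
HOST_A, HOST_B = "10.0.1.20", "10.0.2.10"
TRACE_A = [
    Packet(100.000, HOST_A, HOST_B, 0x1A01, "aa11"),
    Packet(100.010, HOST_A, HOST_B, 0x1A02, "bb22"),   # missing from TRACE_B
    Packet(100.020, HOST_A, "10.0.1.1", 0x1A03, "cc33"),  # outside the pair
    Packet(100.045, HOST_B, HOST_A, 0x7C01, "dd44"),
    Packet(460.000, HOST_A, HOST_B, 0x1A01, "ee55"),   # IP ID reused later
]
TRACE_B = [
    Packet(100.004, HOST_A, HOST_B, 0x1A01, "aa11"),
    Packet(100.040, HOST_B, HOST_A, 0x7C01, "dd44"),
    Packet(460.006, HOST_A, HOST_B, 0x1A01, "ff66"),   # digest differs
]

if __name__ == "__main__":
    lost, corrupted = compare_traces(TRACE_A, TRACE_B, HOST_A, HOST_B)
    print("lost:", lost)
    print("corrupted:", corrupted)
```

If the second trace's timestamps are offset by more than the matching window, every packet is reported as lost, which is why the clocks need to agree before the captures start.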

Additionally, it is important to understand that the bulk of Exchange network traffic is from RPC packets between the clients and the server, as well as LDAP calls to the global catalogs. Any other high network utilization that does not fit this profile should be investigated.