Network Monitor Tool
Applies To: Windows Server 2003, Windows Server 2003 with SP1
When troubleshooting IIS–related problems, you can use Network Monitor to start a capture, reproduce a problem, and view the capture. Network Monitor is included with Windows Server 2003.
Procedures
To install Network Monitor
From the Start menu, click Control Panel.
Double-click Add or Remove Programs.
In the left pane, click Add/Remove Windows Components.
Click Management and Monitoring Tools and then click Details.
Select the Network Monitor Tools check box and then click OK.
Click Next.
When installation is complete, click Finish.
Network Monitor is now available on the Administrative Tools menu.
Note
Network Monitor, unlike WFetch, is a good tool for analyzing TCP connection management or three-way handshake information. For more information about using Network Monitor in this way, see Knowledge Base article 172983, Explanation of the Three-Way Handshake via TCP/IP.
Tips for Using Network Monitor for Troubleshooting
Consider the following tips when using Network Monitor for troubleshooting:
As with any utility that captures large volumes of data, it is important to plan your Network Monitor capture and to time the beginning and end of captures so that they minimize extraneous network traffic.
Network Monitor, like File Monitor and Registry Monitor, can display the timestamp instead of the elapsed time in the capture. Displaying the timestamp along with synchronizing system clocks on participating computers can help you accurately isolate problems.
Increase the capture buffer size from its default of 1 MB to 20 MB.
To adjust Network Monitor capture settings
On the Capture menu, click Buffer Settings.
In the Buffer Size (MB) box, type 20.
Click OK.
Applying filters to captures allows you to record only relevant data. You can also apply a filter after the capture has completed to filter the data that is displayed. Filtering by protocol and by network addresses are the two most common ways to quickly filter Network Monitor capture data.
To filter capture data by HTTP protocol
While viewing a saved capture file, on the Display menu, click Filter.
In the Display Filter dialog box, click Protocol == Any, and then click Edit Expression.
In the Expression dialog box, click Disable All.
In the Disabled Protocols list box, click HTTP, and then click Enable.
Click OK twice.
Network Monitor filters and then displays only HTTP traffic.
To filter capture data by network addresses |
|
By default, Network Monitor only parses traffic on port 80 as HTTP traffic. You can customize Network Monitor to parse traffic on other ports, for example, on port 8080, as HTTP traffic.
To configure Network Monitor to parse traffic on non-standard HTTP ports
Open Notepad.
Open the Tcpip.ini file, which is located in the Parsers folder under the Network Monitor installation point (by default, systemroot\System32\Netmon).
Locate the [TCP_HandoffSet] section.
Below the 80=HTTP line, type the following new line: 8080=HTTP
Save and then close the Tcpip.ini file.
Open the Http.ini file, which is located in the same folder as Tcpip.ini.
Locate the [Ports] section.
Immediately after the text SrcPorts=80, type the new port, preceded by a comma. The line now reads SrcPorts=80,8080.
Save and then close the Http.ini file.
To start any new parsing activity, close and reopen your captures.
For more information about HTTP traffic and Network Monitor, see Knowledge Base article 252876, How to View HTTP Data Frames Using Network Monitor. For more information about capturing network traffic, see Knowledge Base article 148942, How to Capture Network Traffic with Network Monitor.