Capturing Network Traffic

  • Article

By using Network Monitor, you can capture all the network traffic that passes by your network adapter on the local subnet, or filter the traffic to analyze only the frames you are interested in.

There are several circumstances that might prevent Network Monitor from launching or compromise its performance.

One scenario is when Authenticated Users is manually removed from the Users group. To resolve this issue, add the specific Network Monitor user to the group. To complete the workaround, the user needs to log off and log back on to the computer.

Another scenario is when the Discretionary Access Control List (DACL) of the system directory is changed to disallow normal user's access. To resolve this issue, add the specific Network Monitor user to the DACL of the system directory. To complete the workaround, the user must log off and log back on to the computer.

Network Monitor runs with reduced access in which administrative privileges have been removed. If you receive an Access Denied message when you follow this procedure, add your user name to the permissions list of the file or folder that you want to access.

To start Network Monitor

  1. On the Start menu, point to All Programs, point to Microsoft Network Monitor, and then click Network Monitor.

  2. To begin capturing data, on the Capture menu, click Start.

    When the Frame Viewer window opens, you can view a summary listing of captured frames.

  3. To stop the data capture, on the Capture menu, click Stop and View.

The network traffic you capture is the traffic passing by your computer on your local subnet. Frames that run on another subnet are typically never routed to your subnet unless they are broadcast or the destination address is a computer on your subnet.

Note

  • It is not recommended to capture local network data from your site server. Placing your network adapter into promiscuous mode is a processor-intensive process and can adversely affect the performance of other processes on the server. If you want to run Network Monitor on the site server as a client for remote capture of network data, it will not cause a performance issue. For more information, see the "Using SMS Network Diagnostic Tools on Remote Computers" section later in this chapter.
For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.