Monitoring network traffic

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

As an administrator, you need to monitor and detect problems with traffic on your network. With Network Monitor, you can gather information about the network traffic that flows to and from the network adapter of the computer on which it is installed. Once you capture the information, you can use Network Monitor to analyze the information, diagnose problem traffic patterns, and devise strategies to prevent future network traffic problems.

Some of the most common tasks are installing Network Monitor, specifying data frame patterns to capture, capturing network frames, and viewing a specific frame. You can also monitor network traffic from the command line; see Managing Network Monitor from the command line. For more information about other tasks for monitoring network traffic, see Network Monitor How To ....

To install Network Monitor

  1. Open the Windows Components Wizard.

  2. In the Windows Components Wizard, click Management and Monitoring Tools, and then click Details.

  3. In Subcomponents of Management and Monitoring Tools, select the Network Monitor Tools check box, and then click OK.

  4. If you are prompted for additional files, insert the installation CD for your operating system, or type a path to the location of the files on the network.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open the Windows Components Wizard, click Start, click Control Panel, double-click Add or Remove Programs, and then click Add/Remove Windows Components.

  • Certain Windows components require configuration before they can be used. If you installed one or more of these components but did not configure them, when you click Add/Remove Windows Components, a list of components that need to be configured is displayed. To start the Windows Components Wizard, click Components.

  • This procedure automatically installs the Network Monitor driver.

To specify frame data patterns to capture

  1. Open Network Monitor.

  2. If prompted, select the local network from which you want to capture data by default.

  3. On the Capture menu, click Filter.

  4. In the capture filter decision tree, double-click the AND (Pattern Matches) line.

  5. Complete the Pattern Match dialog box, and then click OK.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

  • To start Network Monitor, click Start, click Control Panel, double-click Administrative Tools, and double-click Network Monitor.

  • You can define up to four data patterns in a capture filter.

  • To capture frames that match any of multiple patterns, create a logical branch by selecting one of the patterns in the decision tree and clicking OR.

  • To exclude frames that match a pattern, select the pattern in the decision tree and then click NOT.

  • If you specify more than one pattern in the capture filter decision tree, by default, Network Monitor treats each as a logical OR branch.
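
The decision-tree logic described in these notes (OR branches, NOT exclusion, the four-pattern limit), modeled as an added example that is not Network Monitor code or part of the original page. It assumes a pattern is a byte offset from the start of the frame plus the bytes expected there; the class names, helper functions, and sample frames are constructed for illustration.

```python
# Added illustration: simplified model of a pattern-match capture filter.
# Assumption: a pattern is (byte offset from start of frame, expected bytes).
from dataclasses import dataclass

MAX_PATTERNS = 4  # limit stated in the notes above

@dataclass(frozen=True)
class Pattern:
    offset: int
    data: bytes
    def matches(self, frame: bytes) -> bool:
        end = self.offset + len(self.data)
        # A frame too short to contain the pattern cannot match it.
        return end <= len(frame) and frame[self.offset:end] == self.data

@dataclass(frozen=True)
class Not:
    child: object
    def matches(self, frame: bytes) -> bool:
        return not self.child.matches(frame)

@dataclass(frozen=True)
class Group:
    op: str          # "OR" (the default branch type) or "AND"
    children: tuple
    def matches(self, frame: bytes) -> bool:
        results = (c.matches(frame) for c in self.children)
        return any(results) if self.op == "OR" else all(results)

def count_patterns(node) -> int:
    if isinstance(node, Pattern):
        return 1
    kids = (node.child,) if isinstance(node, Not) else node.children
    return sum(count_patterns(k) for k in kids)

def capture(frames, tree):
    """Return 1-based numbers (capture order) of frames the filter keeps."""
    if count_patterns(tree) > MAX_PATTERNS:
        raise ValueError("a capture filter holds at most four patterns")
    return [n for n, f in enumerate(frames, start=1) if tree.matches(f)]

# Constructed sample frames: zeroed MACs, EtherType at offset 12,
# IPv4 protocol byte at offset 23 (14-byte Ethernet header + 9).
def eth(ethertype: bytes, payload: bytes) -> bytes:
    return bytes(12) + ethertype + payload

FRAMES = [eth(b"\x08\x00", b"\x45" + bytes(8) + b"\x06" + bytes(10)),  # TCP
          eth(b"\x08\x00", b"\x45" + bytes(8) + b"\x11" + bytes(10)),  # UDP
          eth(b"\x08\x06", bytes(28)), bytes(10)]                      # ARP, runt
IPV4, ARP, UDP = Pattern(12, b"\x08\x00"), Pattern(12, b"\x08\x06"), Pattern(23, b"\x11")
```

In this model, capture(FRAMES, Not(ARP)) also keeps the 10-byte runt frame, because a frame too short to hold a pattern does not match it and so passes a NOT branch.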

To capture network frames

  1. Open Network Monitor.

  2. If prompted, select the local network from which you want to capture data by default.

  3. On the Capture menu, click Buffer Settings, and then set the buffer and frame size as appropriate.

  4. On the Capture menu, click Start.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To start Network Monitor, click Start, click Control Panel, double-click Administrative Tools, and double-click Network Monitor.

  • To pause, stop, or display the data capture, on the Capture menu, click Pause, Stop, or Display Captured Data. You can also stop and display the capture by clicking Stop and View.

  • Network Monitor displays session statistics of the first 100 unique network sessions that it detects. To reset statistics and view information about the next 100 detected network sessions, click the Capture menu, and then click Clear Statistics.

  • If you want to capture data from multiple local networks at the same time, install an adapter and start an instance of Network Monitor for each network. In each instance, on the Capture menu, click Networks, and then select the network from which you want to capture data.

  • If prompted for additional files, insert the installation CD for your operating system, or type a path to the location of the files on the network.

To view a specific frame

  1. Open Network Monitor.

  2. If prompted, select the local network from which you want to capture data by default.

  3. Do one of the following:

    • On the File menu, click Open, and then double-click a saved capture file to open it.

    • On the Capture menu, click Start, and then click Stop and View when you are done capturing frames.

  4. On the Display menu, click Go To Frame.

  5. In the Go To dialog box, type the number of the frame that you want to view, and then click OK.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

  • To start Network Monitor, click Start, click Control Panel, double-click Administrative Tools, and double-click Network Monitor.

  • Network Monitor runs with reduced access in which administrative privileges have been removed. If you receive an Access Denied message when you follow this procedure, add your user name to the permissions list of the file or folder that you want to access. For more information, see Set, view, change, or remove permissions on files and folders.

  • The frame number is listed in the Frame column.

  • Frames are numbered in the order that Network Monitor captures them.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.