Apr 11 2019

Network Monitor

Unlike System Monitor, which is used to monitor anything from hardware to software, Network Monitor focuses exclusively on network activity. To understand the traffic and behavior of your network components, install and use Network Monitor.

Network Monitor Features

Network administrators use Microsoft Windows 2000 Network Monitor to view and detect problems on local area networks (LANs). For example, as a network administrator, you can use Network Monitor to diagnose hardware and software problems when two or more computers cannot communicate. You can also copy a log of network activity into a file and then send the file to a professional network analyst or support organization.

Network application developers can use Network Monitor to monitor and debug network applications as they are developed.

Network Monitor monitors the network data stream which consists of all information transferred over a network at any given time. Prior to transmission, this information is divided by the network software into smaller pieces, called frames or packets. Each frame contains:

The source address of the computer that sent the message.

The destination address of the computer that received the frame.

Headers from each protocol used to send the frame.

The data or a portion of the information being sent.

The process by which Network Monitor copies frames is referred to as capturing. You can use Network Monitor to capture all local network traffic or you can single out a subset of frames to be captured. You can also make a capture respond to events on your network. For example, you can make the network start an executable file when Network Monitor detects a particular set of conditions on the network.

After you have captured data, you can view it in the Network Monitor user interface. Network Monitor does much of the data analysis for you by translating the raw capture data into its logical frame structure.

For security reasons, Windows 2000 Network Monitor captures only those frames, including broadcast and multicast frames, sent to or from the local computer. Network Monitor also displays overall network segment statistics for broadcast frames, multicast frames, network utilization, total bytes received per second, and total frames received per second.

In addition, to help protect your network from unauthorized use of Network Monitor installations, Network Monitor can detect other installations of Network Monitor that are running on the local segment of your network. Network Monitor also detects all instances of the Network Monitor driver being used remotely (by either Network Monitor from Systems Management Server or the Network Segment object in System Monitor) to capture data on your network.

When Network Monitor detects other Network Monitor installations running on the network, it displays the following information:

The name of the computer

The name of the user logged on at the computer

The state of Network Monitor on the remote computer (running, capturing, or transmitting)

The adapter address of the remote computer

The version number of Network Monitor on the remote computer

In some instances, your network architecture might prevent one installation of Network Monitor from detecting another. For example, if an installation is separated from yours by a router that does not forward multicasts, your installation cannot detect that installation.

Network Monitor uses a network driver interface specification (NDIS) feature to copy all frames it detects to its capture buffer, a resizable storage area in memory. The default size is 1 MB; you can adjust the size manually as needed. The buffer is a memory-mapped file and occupies disk space.

Because Network Monitor uses the local only mode of NDIS instead of promiscuous mode (in which the network adapter passes on all frames sent on the network), you can use Network Monitor even if your network adapter does not support promiscuous mode. Networking performance is not affected when you use an NDIS driver to capture frames. (Putting the network adapter in promiscuous mode can add 30 percent or more to the load on the CPU.)

Installing Network Monitor

To set up Network Monitor, perform two steps:

Install the Network Monitor driver on any computer from which you want to capture data for analysis with Network Monitor.

Install the Network Monitor utilities on a computer running Windows 2000 Server on which data will be captured.

You can install the driver on a computer running either Windows 2000 Professional or Windows 2000 Server. Installing the driver also installs the Network Segment object for use in System Monitor.

Installing the driver does not install Network Monitor itself. Instead, install the Network Monitor Tools on a computer running Windows 2000 Server to install Network Monitor.

To install the Network Monitor driver

Click Start , point to Settings , click Control Panel , and then double-click Network and Dial-up Connections .

In Network and Dial-up Connections , right-click Local Area Connection , and then click Properties .

In the Local Area Connection Properties dialog box, click Install .

In the Select Network Component Type dialog box, click Protocol , and then click Add .

In the Select Network Protocol dialog box, click Network Monitor Driver , and then click OK .

If prompted for additional files, insert your Windows 2000 CD, or type a path to the location of the files on a network.

To display and analyze captured data, use the following procedure to install Network Monitor Tools on a computer running Windows 2000 Server. Network Monitor Tools installs Network Monitor along with the Network Monitor driver. If you are running Windows 2000 Server and are installing Network Monitor Tools, you can bypass the preceding procedure; you do not need to install the Network Monitor driver separately.

To install Network Monitor Tools

Click Start , point to Settings , click Control Panel , and then double-click Add/Remove Programs .

In the Add/Remove Programs dialog box, double-click Add/Remove Windows Components .

In the Windows Component Wizard dialog box, click Next .

Under Components , click Management and Monitoring Tools , and then click the Details button.

Under Subcomponents of Management and Monitoring Tools , select the Network Monitor Tools check box, and then click OK .

Click Next to proceed with installation, and then click Finish and Close to exit.

To start Network Monitor on a computer running Windows 2000 Server

Click Start , point to Programs , and point to Administrative Tools .

Under Administrative Tools , click Network Monitor .

For information about how to work with the Network Monitor user interface, see Windows 2000 Server Help.

Capturing Frame Data

When you’ve installed the Network Monitor driver on the computer from which to capture data (hereafter called the source computer) and installed Network Monitor Tools on the computer that will perform the capture (hereafter called destination computer), you can begin to capture data.

Open Network Monitor.

Or, click the Capture button on the toolbar.

As frames are captured from the network, statistics about the frames are displayed in the Network Monitor Capture window, as shown in Figure 9.2.

Network monitor

Figure 9.2 Network Monitor Capture Window

Network Monitor displays session statistics from the first 100 unique network sessions it detects. The Network Monitor Capture window includes the panes listed in Table 9.7.

Table 9.7 Description of Display Options for the Capture Pane

