Tech Tip: Modify a computer's routing table/Capture server traffic with Network Monitor

Learn about the Route command, which offers the ability to view and modify a computer's routing table, and find out how to monitor traffic for a local server with Network Monitor.

View and modify a computer's routing table

Most computers rely on a gateway of some type to route traffic for them. For example, your network likely connects to the Internet through a router, and that router takes care of directing packets, whether incoming or outgoing, to where they need to go. If you have multiple network segments in your organization, your network might also include other routers.

In most situations, you don't need to worry about viewing or changing your local computer's routing table. Sometimes, however, the ability to view and modify your routing table can come in quite handy for troubleshooting purposes or even working around network configuration issues.

The Route command offers the ability to view and modify a computer's routing table. To view a computer's routing table, enter ROUTE PRINT at the command line.

The command prints a list of all known routes with the address and subnet mask of the destination, the gateway for the specified address, the interface to which it applies, and the route's metric.

The computer uses the metric, the last value in each entry, to determine which route to use when routing traffic to the specified address. Whenever possible, computers use routes with lower metrics.

If necessary, you can refine the list of routes displayed for readability. For example, let's say you want to view only routes for subnets whose addresses begin with the octet 192. You would use the following command to print only those routes:
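As an added example (not part of the original tip), this Python script applies a `192*` wildcard to the destination column of a routing table, modeled on the wildcard destination that ROUTE PRINT accepts (for example `ROUTE PRINT 192*`). It also goes beyond the text to show how a route is chosen for an address: the most specific matching route wins, and the metric breaks ties. The sample table and the function names are constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample in the column layout of ROUTE PRINT (not taken from a real host).
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50       5
         10.0.0.0        255.0.0.0    192.168.1.254   192.168.1.50      10
         10.0.0.0        255.0.0.0    192.168.1.253   192.168.1.50      25
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.50   192.168.1.50      20
     192.168.20.0    255.255.255.0    192.168.1.254   192.168.1.50      30
"""

def parse_routes(text):
    """Turn the five-column route lines into dicts; skip headers and other text."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue
        routes.append({
            "dest": cols[0], "mask": cols[1], "gateway": cols[2],
            "interface": cols[3], "metric": int(cols[4]),
            "net": ipaddress.ip_network(cols[0] + "/" + cols[1]),
        })
    return routes

def filter_routes(routes, pattern):
    """Keep routes whose destination matches a wildcard such as '192*'."""
    return [r for r in routes if fnmatch.fnmatchcase(r["dest"], pattern)]

def select_route(routes, address):
    """Pick the route used for an address: longest matching prefix first,
    then the lowest metric among routes of equal prefix length."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for r in filter_routes(table, "192*"):
        print(r["dest"], r["mask"], r["gateway"], r["metric"])
    for target in ("10.1.2.3", "192.168.20.7", "8.8.8.8"):
        chosen = select_route(table, target)
        print(target, "->", chosen["gateway"], "metric", chosen["metric"])
```

When reviewing a table this way, a specific route with an unfamiliar gateway deserves attention even if its metric is high, because it still takes precedence over the default route for the addresses it covers.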


Capture traffic to and from a server with Network Monitor

The ability to analyze network traffic passing through a server can be a valuable tool for troubleshooting services, client applications, network access, and other problems. While it's useful to have a full-blown network sniffer device or application in some situations, a simple network monitor will often do the trick for a single server.

Windows 2000 Server's Network Monitor offers the ability to monitor traffic for the local server. To install Network Monitor, open the Add/Remove Programs applet from Control Panel, and click Add/Remove Windows Components. Select Management And Monitoring Tools, click Details, select the Network Monitor Tools check box, and click OK.

After installing Network Monitor, you can open it from the Administrative Tools folder. When Network Monitor opens, go to Capture | Networks to open the Select A Network dialog box, where you can choose which interface to monitor. To begin capturing all traffic to and from the server, go to Capture | Start.

You can also apply a filter to specify which traffic Network Monitor captures. To do so, go to Capture | Filter to open the Capture Filter dialog box, where you can specify protocols, addresses, and pattern matches for the filter.

When you're satisfied with the configuration, go to Capture | Start to begin the capture. Traffic statistics appear in the right pane. When you've captured enough data, go to Capture | Stop. To view the captured frames, go to Capture | Display Captured Data, or press [F12].

