Review: Microsoft Network Monitor 3.3

The Microsoft Network Monitor is a free tool for Windows PCs that allows you to see each and every networking packet that arrives at or is sent from the PC.

The Microsoft Network Monitor is a free tool for Windows PCs that allows you to see each and every networking packet that arrives at or is sent from the PC. It has robust filtering options and can give you excellent insight into the functionality of your applications.


  • Supported Operating Systems: XP, Vista, W7, 2003, 2008 (32-bit and 64-bit for all systems)
  • Requires Hardware: 1GHz CPU, 1GB RAM, 25MB drive space + additional drive space for stored captures
  • Additional Information: Download, Team Blog
  • For a closer look, check out the TechRepublic Spotlight Photo Gallery

Who's it for?

Network engineers and system administrators will find this tool invaluable. Many developers, customer support personnel, and QA workers will find it useful as well to analyze application behavior.

What problems does it solve?

Having insight to network traffic provides a precise view into application and operation system behavior, allowing for accurate and rapid problem solving. Many times, packet capture and analysis will reveal the root cause of problems that application and operation system logs do not provide.

Standout features

  • Cost: Microsoft Network Monitor is free.
  • Powerful filtering capabilities: The functionality for filtering which packets to display is very powerful, and can be applied at the time of capture or for display only.
  • "Experts": Through an API, developers can write advanced processing functionality to extend the application beyond the packet filters.
  • Can see into VPN traffic: If the machine is on a VPN, the external portion of the VPN traffic can be monitored or the contents inside the tunnel.
  • Conversations: Traffic is grouped into "conversations" by the local process that the traffic is going to/coming from, then by the IP address of the other party, and by protocol.

What's wrong?

  • Packet filtering is complex: Using packet filtering is complex and the examples do not show all of the possibilities; expect to spend some time learning the ins-and-outs of filtering if you want to do anything complex.
  • Cannot see inside SSL encrypted packets: While it makes plenty of sense, at a technical level, why the application cannot peer into the encrypted portions of SSL encrypted packets (it would need to proxy the conversation), it would be very useful if it could. As more and more applications tunnel their data over HTTPS, this functionality becomes more even more important.

Competitive Products

Bottom line for business

Every systems administrator and network engineer should have a packet capture and protocol analysis tool in their kit. Microsoft Network Monitor does the basics well, and its functionality makes it easy to zero in on the traffic you are looking for. The "experts" system of plugins (a few are already available for free on CodePlex) means that you can customize its functionality to meet your needs.

Microsoft Network Monitor is not perfect for every environment, though. Organizations who need to remotely poll network hardware such as switches and routers will want a tool that supports that type of functionality. If you need to work with non-Windows systems, you will not be able to use Microsoft Network Monitor. Finally, it is not well suited for performing application monitoring, device up/down monitoring, and other long-term or alerting functions. For that, you will want to look elsewhere.

All the same, Microsoft Network Monitor is a handy tool in a pinch. If you have a misbehaving application, it can give you the insight into why things are not working right and how to fix them. It is a lightweight tool with enough power to satisfy the needs of many.

User rating

Have you used Microsoft Network Monitor? If so, what do you think? Rate it and compare the results to what other TechRepublic members think. Give your own personal review of Microsoft Network Monitor or let us know if you think we left anything out in our review above.

Read our field-tested reviews of hardware and software in TechRepublic's Product Spotlight newsletter, delivered each Thursday. We explain who would use the product and describe what problem the product is designed to solve. Automatically sign up today!


Justin James is the Lead Architect for Conigent.

Editor's Picks

Free Newsletters, In your Inbox