
How do I... use templates to simplify network monitoring with Packet Analyzer?

One of the notable features available in Packet Analyzer is the ability to create templates. This is a boon to busy network administrators who need to be able to change out filters on the fly and quickly. Jack Wallen shows how to create and use templates in Packet Analyzer.

Packet Analyzer is one of the finest network traffic monitors available. This application is one of those tools that will quickly become your best friend in your network toolkit. It is feature-rich, robust, enterprise-ready, and packed with tools that will make your network troubleshooting a snap.

One of the notable features available in Packet Analyzer is the ability to create templates. This is a boon to busy network administrators who need to be able to change out filters on the fly and quickly. And the best news is that templates are simple to create and use.

This blog post is also available in PDF format in a TechRepublic download.

Getting up to speed

First and foremost, Packet Analyzer is as simple to install as any other Windows application. You just download the installation file, double-click, and let the system install. Now, once you have the application installed, you will need to take care of a few items on the first run. Once you fire up the application, you will be greeted with the setup wizard, which will get your system ready (Figure A).

Figure A

There are just a few configurations to take care of, and they are handled by this convenient wizard.

Click Next to continue to the first step in the wizard. The first step (as shown in Figure B) is selecting the proper networking adapter. If your machine has more than one, you will need to make sure you select the adapter you want to use to view the traffic on your network (you might have one adapter for WAN and one for LAN).

Figure B

The setup wizard gives you more information about your network adapter than you probably ever knew.

Once you have selected your network adapter, click Next. The final section of the setup wizard is to test your network adapter (Figure C). Click the Start Test button to start the testing. Once the wizard is satisfied with the test, you will see the Finish button appear, which you can click to complete the setup.

Figure C

You can stop the adapter test at any time by clicking the Stop Test button.

Finally, Packet Analyzer will start up, and you will be greeted by the main window (Figure D).

Figure D

If you click Start Capture Now without setting up filters, you will be greeted with the Project Settings window.

Creating a template

First, we're going to create a template. Let's say you want to create a template that monitors all traffic going in and out of your Web server at port 80. And let's say that Web server has an internal address of 192.168.1.44.

If you attempt to create a filter for this, you're going to run into trouble because that address isn't available to select. The first thing you have to do is add that address to the Name Table. So click on the Name Table icon on the toolbar. When the Name Table opens, you will see that it is blank. To add a new name, click on the Insert button to open the Add To Name Table window (Figure E).

Figure E

You can add a name by physical address, MAC address, or TCP-UDP port.

In the above case, we will add a physical address, so select Physical Address from the Type drop-down list. Next, enter the actual address, give the address a name, and (if desired) select a color for the adapter.

Once this is done, you will have that address available to you when creating filters. Now the Web server can be monitored.

Go back to the main window and click the Start Capture Now button to open the Project Settings window. The first thing to do is click on the Filter tab (Figure F).

Figure F

As you can see, there are no filters in place yet, so all traffic is monitored.

Now, click on the Add button to open the Add Filter window shown in Figure G.

Figure G

Add Filter window

Much of the information needed is straightforward; however, it is easy to get confused when adding the new server address.

Check the Address Filter button and select IPv4 Address from the drop-down list. Now, click the right arrow on the address bar (the second bar below Port 1 in the Address 1 space) and select Select From Name Table. This will open up the Name Table. Scroll to the bottom to see all the addresses manually entered (Figure H).

Figure H

As you can see, there are a lot of pre-added addresses to choose from.

Now, to monitor both incoming and outgoing traffic to the Web server, select Both Directions from the Directions drop-down list. The port to monitor the added server will be 80, so select Single Port from the drop-down list and enter 80 for the number. Again, Both Directions is selected.

Now, for the Protocol filter, there is a very handy window that will open when you click the Select button. This protocol filter makes it very easy to select the proper protocols. From the protocol window shown in Figure I, select HTTP and click OK. (You might also want to add HTTPS.)

Figure I

You can add multiple protocols.

And now the project has a filter in place (Figure J).

Figure J

You could add more filters, but in our example we want to monitor only simple Web traffic in and out of one server.

Now, click OK and a small warning window will open, informing you that e-mail alerts will not be sent because that feature has not been configured. Click OK on this warning, and Packet Analyzer will begin the monitoring process. Figure K shows Packet Analyzer at work.

Figure K

Even on a small internal network, there is plenty of traffic building even after only a few seconds of running.
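
What the filter built above selects at the packet level, as an added Python example that is not part of the original article or of Packet Analyzer itself: it keeps only TCP-over-IPv4 frames where 192.168.1.44 is one endpoint and port 80 is on the server's side, in either direction. Pairing the port with the server's end, treating HTTP as TCP port 80, and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct

SERVER_IP = "192.168.1.44"   # Web server address used in the article
SERVER_PORT = 80             # single port entered in the Add Filter window

def parse_tcp_ipv4(frame: bytes):
    """Return (src_ip, src_port, dst_ip, dst_port), or None if not TCP over IPv4."""
    if len(frame) < 14 + 20:                       # Ethernet + minimal IPv4 header
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType must be IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None
    if ip[9] != 6:                                 # IP protocol 6 = TCP
        return None
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return socket.inet_ntoa(ip[12:16]), src_port, socket.inet_ntoa(ip[16:20]), dst_port

def matches_template(frame: bytes) -> bool:
    """Apply the template's address + port filter in both directions."""
    parsed = parse_tcp_ipv4(frame)
    if parsed is None:
        return False
    src_ip, src_port, dst_ip, dst_port = parsed
    inbound = dst_ip == SERVER_IP and dst_port == SERVER_PORT    # client -> server
    outbound = src_ip == SERVER_IP and src_port == SERVER_PORT   # server -> client
    return inbound or outbound

def build_frame(src_ip, src_port, dst_ip, dst_port, proto=6):
    """Construct a minimal Ethernet/IPv4/transport frame (sample data only)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    l4 = struct.pack("!HHLLBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + l4

SAMPLES = {  # constructed frames, not captured traffic
    "client_to_server": build_frame("192.168.1.10", 51000, SERVER_IP, 80),
    "server_to_client": build_frame(SERVER_IP, 80, "192.168.1.10", 51000),
    "ssh_to_server": build_frame("192.168.1.10", 51001, SERVER_IP, 22),
    "web_to_other_host": build_frame("192.168.1.10", 51002, "192.168.1.50", 80),
    "udp_to_server": build_frame("192.168.1.10", 51003, SERVER_IP, 80, proto=17),
}

def run_samples():
    return {name: matches_template(frame) for name, frame in SAMPLES.items()}
```

Only the first two sample frames pass; traffic to other ports on the server, Web traffic to other hosts, and non-TCP traffic are all excluded from the capture.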

Using the template

Once you have this project set up properly, go to File and select Save As Template. Give this template a simple name, such as WEB_SERVER_NAME (where NAME is the actual name of the server), and save the project in a local folder. Now when you need to monitor Web traffic to that particular server, fire up Packet Analyzer, go to the File menu, select New From Template, navigate to the proper template, select Open, and click Yes to start capturing traffic.

Create a template for every type of traffic and/or every machine on your network you need to monitor, and you have an instant access-monitoring toolkit that is always at the ready.

Final thoughts

Packet Analyzer is an outstanding tool for network monitoring, and taking advantage of the templates feature turns what could be an all-too-often cumbersome task into something that is as simple as any network monitoring tool can be. If you use Packet Analyzer, do yourself (and your network) a favor and start creating templates as soon as possible. Your network will thank you.


About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.