Hardware

Spotlight: Microsoft Network Monitor 3.3

By · August 13, 2009, 6:52 AM PST · markwkaelin

Image 1 of 7

  • Conversations

    Here, you can see on the left how Microsoft Network Monitor organizes the "conversations." In this particular view, we see that Internet Explorer has three processes making connections. The one I selected has made connections to two separate IP addresses, and within the connection I opened, we see one "conversation." In the center of the screen are displayed all of the packets in the currently selected portion of the tree (including sub-items). In this case, I have drilled down to view only the HTTP connections to 65.55.11.218.

    For a full review, check out the Product Spotlight Blog.

    Images by Justin James for TechRepublic

  • Parsers tab

    The Parsers tab allows you to create and modify the various parsers. This would come in handy to debug an application that uses a custom protocol, for example.

    Images by Justin James for TechRepublic

  • New cpature

    When you start a new capture, you can select which network adapters (including VPN connections) that you wish to monitor. If you do not select the VPN connection, then the traffic over that tunnel will still appear in the actual NIC itself, but the capture will not be aware of the data within tunnel beyond the bytes themselves going through it.

    Images by Justin James for TechRepublic

  • In depth view

    This is what an in-depth view of an individual frame looks like. Because this is an HTTP transmission, and there is a parser for HTTP, you can see how the display can turn the data into a useful tree. This is a great feature because it lets you rapidly locate the exact information that you are looking for.

    Images by Justin James for TechRepublic

  • Inspecting HTTPS

    Inspecting HTTPS communications is rather limited, because the data within the conversation (other than the initial headers) is encrypted. If you need to know what is inside SSL transmissions, you will need to use a proxy server of some type.

    Images by Justin James for TechRepublic

  • Writing a filter

    When writing a filter, the UI can pop up a list of available items (similar to many code editors) based on what you have already typed. In this case, we are being shown the items below the TCP group that we can filter on.

    Images by Justin James for TechRepublic

  • Filtered view

    Here, we have applied a filter to show only the items in the currently selected branch of the conversation tree (in this case "All Traffic") with a specific IP address in the destination. The address filters are flexible, and can filter on source, destination, or both.

    Images by Justin James for TechRepublic

Conversations

Here, you can see on the left how Microsoft Network Monitor organizes the "conversations." In this particular view, we see that Internet Explorer has three processes making connections. The one I selected has made connections to two separate IP addresses, and within the connection I opened, we see one "conversation." In the center of the screen are displayed all of the packets in the currently selected portion of the tree (including sub-items). In this case, I have drilled down to view only the HTTP connections to 65.55.11.218.

For a full review, check out the Product Spotlight Blog.

Images by Justin James for TechRepublic
Related Topics:
Hardware Innovation Mobility Networking Storage Data Centers Smart Persons Guides

By Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.

Show Comments