Microsoft Network Monitor
Microsoft Network Monitor is a tool developed by Microsoft to make the task of troubleshooting complex network problems easier and more economical. It is packaged as part of the Microsoft Systems Management Server product, but can be used as a stand-alone network monitor. In addition, Windows NT and Windows 95 include Network Monitor Agent software, and Windows NT Server and Windows 2000 include a limited version of Network Monitor. Stations running Network Monitor can attach to stations running the agent software over the network or by using dial-up (remote access) to perform monitoring or tracing of remote network segments. This can be a very useful troubleshooting tool.
Network Monitor works by placing the NIC on the capturing host into promiscuous mode so that it passes every frame on the wire up to the tracing tool. (The limited version of Network Monitor that ships with Windows 2000 Server allows only traffic to and from the computer to be traced.) Capture filters can be defined so that only specific frames are saved for analysis. Filters can be defined based on source and destination NIC addresses, source and destination protocol addresses, and pattern matches. Once the frames have been captured, display filtering can be used to further narrow down a problem. Display filtering allows specific protocols to be selected as well.
Windows NT–based computers use the Server Message Block (SMB) protocol for many functions, including file and print sharing. The smb.hlp file in the Netmon parser directory is a good reference for interpreting this protocol.
Internet FAQ top