Using the New Microsoft Network Monitor (netmon) 3.3 with Network Experts
Here at WindowsNetworking.com, we have a number of great articles on installation and usage of the Windows Network Monitor.
- Working With Network Monitor (Part 1)
- Working With Network Monitor (Part 2)
- Working With Network Monitor (Part 3)
- Working With Network Monitor (Part 4)
- Analyzing Traffic With Network Monitor
- Installing the Windows Server 2003 Network Monitor
These articles give us a strong foundation to build on and I certainly do not discount what they bring to the table. However, there is a new version of Network Monitor out with even more new features! In this article I will be covering the following:
- The new features of Network Monitor 3.3
- What the newly integrated “network experts” offer and how to use them
With that, let us answer a few basic questions about netmon first.
Network Monitor 3.3 – the Essentials
Here are 5 essential questions and answers about Network Monitor:
1. What is Network Monitor?
According to Microsoft’s official definition, Network Monitor is:
“A tool used for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.”
In other words, Network Monitor is a “protocol analyzer” or a “packet sniffer”.
2. What can Network Monitor do for me?
All that sounds great but what can it really DO FOR YOU? Protocol analyzers, like Network Monitor, can answer:
- What is REALLY going on in your network
- What device or what type of traffic is causing slowness
- Why an application is failing
In general, it will give you insight into your network like no other solution can!
3. How much does Network Monitor cost?
Unlike many other protocol analyzers that can cost hundreds or thousands of dollars, Microsoft’s Network Monitor is free (thanks, Microsoft!).
4. Where do I obtain Network Monitor?
You can download the latest version (3.3) of Network Monitor from the Microsoft Download Center – Network Monitor 3.3 webpage.
5. What operating systems is netmon compatible with?
One of the new features of Network Monitor 3.3 is that it is compatible with Windows 7. However, it is also compatible with Windows Server 2003, Windows Server 2003 Itanium-based editions, Windows Server 2008, Windows Vista (32 and 64 bit), and Windows XP (32 and 64 bit).
What’s new in Network Monitor version 3.3?
Now let’s look at the new features in Network Monitor 3.3:
- Frame Comments – As you analyze the network frames that netmon sees, you can attach comments to those frames for future reference and documentation.
Figure 1: Adding a Frame Comment
- Netmon API – There is now an API that programmers can use to put information into or pull information out of Network Monitor.
- Autoscroll – Allows you to see the most recent packets in a live capture as they come in. You can click Autoscroll to enable this or to freeze traffic.
Figure 2: Autoscroll in action
- Right-Click Add-to-Alias – Gives you the option to quickly add aliases, compared to having to manually go to the alias tab and add a new alias by entering the IP address.
- Tunnel Capture Support – Allows you to capture traffic over tunnel adapters in Windows Vista SP2, Windows Server 2008, and Windows 7.
- WWAN Capture Support – Captures traffic over mobile broadband data cards on Win7.
- Experts to analyze your network captures – Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for Experts, from an open capture file, click Experts on the main menu, and select Download Experts. (Read more about Experts below, where I show you how to use them step by step.)
- Right-Click Go-to-Definition – Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.
To me, the biggest new features are Windows 7 support, Autoscroll, and Experts. Speaking of Experts, let me show you how to use them.
What are Network Monitor 3.3 Experts and how do you use them?
Experts are a major addition in netmon 3.3. I have seen this feature before in packet analyzers that cost thousands of dollars, so it is nice to gain this ability now in Microsoft’s free packet analyzer. Essentially, Experts act as 1) more advanced and knowledgeable network admins who can analyze your data for you and 2) assistants who can crunch data for you.
In other words, Experts are going to save you time and give you answers that you might otherwise not have been able to achieve.
There are no Experts included with netmon 3.3, so you need to download these tools from the Internet (at no cost). One more point about Experts: to use them, you must first save your capture files and then reopen them. Experts are not going to work on live data.
Experts can be downloaded here.
Once you take a capture, close it, and reopen it, you will have access to Experts. You can access Experts in two ways:
- Right-click on a frame and go to the Expert menu.
- Go to the Experts menu from the top menu drop-down.
Figure 3: How to apply an Expert to a particular frame
Figure 4: Access the Expert drop-down from the top menu
The Expert shown (Top Users by Conversation) was one that I downloaded and installed.
Experts are tiny programs that you install, just like any other application.
In fact, here are the partial results of the Top Users by Conversation Expert that I downloaded and installed:
Figure 5: Results of Top Conversations by User
These results can be sorted by clicking on the headers. If you install the recommended add-ins you can graph the response as well.
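To make concrete what a report such as Top Users by Conversation summarizes, here is an added example (not from the original article and not the Expert's own code) that groups frame records into two-way conversations and ranks them by bytes. The frame records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (source, destination, frame length in bytes).
# These records are illustrative, not exported from a real capture.
SAMPLE_FRAMES = [
    ("10.0.0.5", "10.0.0.20", 1514),
    ("10.0.0.20", "10.0.0.5", 66),
    ("10.0.0.5", "10.0.0.20", 1514),
    ("10.0.0.7", "192.0.2.10", 590),
    ("192.0.2.10", "10.0.0.7", 1514),
    ("10.0.0.9", "10.0.0.20", 74),
    ("10.0.0.20", "10.0.0.5", 66),
]


def top_conversations(frames, limit=10):
    """Group frames into two-way conversations and rank them by total bytes."""
    stats = defaultdict(lambda: {"frames": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
    for src, dst, length in frames:
        if length < 0:
            raise ValueError(f"negative frame length: {length}")
        # Sort the endpoints so A->B and B->A land in the same conversation.
        a, b = sorted((src, dst))
        conv = stats[(a, b)]
        conv["frames"] += 1
        conv["bytes"] += length
        conv["a_to_b" if src == a else "b_to_a"] += length
    # Largest conversation first; ties broken by endpoint pair for stable output.
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1]["bytes"], kv[0]))
    return [(a, b, s["frames"], s["bytes"], s["a_to_b"], s["b_to_a"])
            for (a, b), s in ranked[:limit]]


def top_talkers(frames, limit=10):
    """Rank individual hosts by the number of bytes they sent."""
    sent = defaultdict(int)
    for src, _dst, length in frames:
        sent[src] += length
    return sorted(sent.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


if __name__ == "__main__":
    for row in top_conversations(SAMPLE_FRAMES):
        print("%-12s <-> %-12s frames=%d bytes=%d (->%d, <-%d)" % row)
```

The per-direction byte counts show which side of a conversation is doing the sending, which is the first thing to check when one host appears to be causing slowness.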
Currently, the Network Monitor Team has published 2 Experts for download and more are on the way. Here are the two that are currently offered:
Figure 6: Available Experts from Network Monitor team
If you do not see the Expert you are looking for, you can download the SDK and write an expert of your own!
The new Network Monitor 3.3 has some very useful new features including Windows 7 support and the newly integrated Experts. I am really glad that Microsoft has chosen to continue to improve this powerful network protocol analyzer!
You can find more information about Network Monitor at the Microsoft Network Monitor Blog.