Using NMCap to capture network data
The Network Monitor tool is not included with Windows default installations hence, you need to download it from Microsoft Download Center and run the installer on a target machine. The tool installs a network driver with each network adapter in order to be able to collect data. Using the equivalent command line tool NMCap requires you change directory to c:\Program Files\Microsoft Network Monitor 3\ which is the default installation folder. Then from the command prompt type:
Nmcap /? – to get a full list of options, for example:
Nmcap /network * /capture /file filename.cap – captures all traffic on all network interfaces and saves it to a file named filename.cap
Press Ctrl+C to stop the capturing process. You can then analyze the data captured using the Network Monitor tool by clicking the Open Capture button form the tool's main page.
Analyzing network data is best done expanding the frame details pane of the captured data as shown below:
Both the GUI Network Monitor and the command line NMCap require the Network Monitor driver to be installed hence, I suggest installing the complete tool prior to its usage. If your environment does not allow you to install the complete package, then another version exists which allows you to quickly capture traffic on a computer. Network Monitor OneClick which available from here, removes itself automatically once the capture is complete! Use the ExtractOnly package if you want to save the OneClick utility to a portable device, e.g., a USB key and later run the tool on a different machine.