Capturing Data with Network Monitor
To capture network data from the Network Monitor interface, click Create A New Capture Tab. Clicking Play starts a capture, clicking Pause pauses a capture, and clicking Stop finishes a capture. You are most likely to use Network Monitor when trying to diagnose a network-related problem with the server on which you have installed Network Monitor. When doing this, start a Network Monitor capture, attempt to replicate the problem, finish the capture, and then analyze the capture data. Examining the capture data enables you to see what network data the server sent and received when you replicated the issue. This can lead you toward finding a solution for the problem.
Figure 9-18 shows the results of a packet capture during a Domain Name System (DNS) request for www.microsoft.com. You are most likely to find the Frame Summary and Frame Details panes most informative when examining packet capture data. The Hex Details pane shows the contents of the frame, but you generally will not need this level of detail to diagnose network problems.
FIGURE 9-18 Packet capture.
You can perform network captures from the command prompt by using the nmcap.exe command, which is located in the Network Monitor installation folder. A simple capture, in which all data from all network interfaces is captured, uses this syntax:
Nmcap.exe /network * /capture /file c:\temp\filename.cap
The default capture size is 20 MB; you should ensure that nmcap.exe writes the capture file to a location other than the Network Monitor folder. You can place nmcap.exe in promiscuous mode so that all traffic is captured, using the /disablelocalonly option. You can open a capture made from the command line from within the Network Monitor console.
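The command-line capture described above can be wrapped in a short PowerShell script that enforces the two cautions in the text: the capture file goes somewhere other than the Network Monitor folder, and the target volume has room for it. This is an added example, not part of the original text. The install path default, the parameter names and the time-based stop condition (/stopwhen /timeafter) are assumptions chosen for illustration; the size suffix on /file sets the capture size limit explicitly.

```powershell
# Added example: wrapper around the nmcap.exe syntax shown above.
param(
    # Assumed install location; adjust to where Network Monitor is installed.
    [string]$NetmonDir = "$env:ProgramFiles\Microsoft Network Monitor 3",
    [string]$OutDir    = 'C:\temp',
    [int]$Minutes      = 5,     # stop condition so the capture ends on its own
    [int]$SizeMB       = 20,    # same as the default capture size
    [switch]$Promiscuous        # adds /disablelocalonly
)

$nmcap = Join-Path $NetmonDir 'nmcap.exe'
if (-not (Test-Path -LiteralPath $nmcap)) { throw "nmcap.exe not found in $NetmonDir" }

# Refuse to write the capture inside the Network Monitor folder.
if (-not (Test-Path -LiteralPath $OutDir)) {
    New-Item -ItemType Directory -Path $OutDir | Out-Null
}
$outFull = (Resolve-Path -LiteralPath $OutDir).Path.TrimEnd('\')
$nmFull  = (Resolve-Path -LiteralPath $NetmonDir).Path.TrimEnd('\')
$inside  = $outFull.StartsWith("$nmFull\", [StringComparison]::OrdinalIgnoreCase)
if ($outFull -eq $nmFull -or $inside) {
    throw "Choose an output folder outside $nmFull"
}

# Make sure the target volume can hold a capture of the requested size.
$drive = (Get-Item -LiteralPath $outFull).PSDrive
if ($drive.Free -lt ($SizeMB * 1MB)) {
    throw "Less than $SizeMB MB free on drive $($drive.Name)"
}

# Timestamped file name so repeated captures do not overwrite each other.
$name = '{0}_{1:yyyyMMdd_HHmmss}.cap' -f $env:COMPUTERNAME, (Get-Date)
$file = Join-Path $outFull $name

# Same switches as the simple capture in the text, plus size and time limits.
$nmcapArgs = @('/network', '*', '/capture', '/file', "${file}:${SizeMB}M",
               '/stopwhen', '/timeafter', "$Minutes", 'min')
if ($Promiscuous) { $nmcapArgs += '/disablelocalonly' }

& $nmcap @nmcapArgs

if (-not (Test-Path -LiteralPath $file)) { throw "No capture file at $file" }
Write-Output "Capture written to $file"
```

Capture files hold everything the server sent and received during the capture, so keep the output folder readable only by the administrators who need to analyze them.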