The Windows NT Network Monitor and I had our first tentative meeting several months ago. I was
logged on to my Internet Service Provider (ISP) and noticed the Remote Access Service (RAS)
monitor's transmit and receive lights blinking. The traffic appeared to be originating at my server,
although I wasn't running a Web browser. Curious about the source of this activity, I started the
Network Monitor and smugly told it to log network activity. After the transmit and receive pattern
reoccurred several times in a 3-minute period, I stopped the logging and asked Network Monitor to
display the results. To my surprise, I saw absolutely nothing.
Thus began my long and sometimes frustrating adventure with network monitoring. Read along as I
retrace my steps: choosing and installing the "right" Network Monitor, setting it up to
capture network packets by populating the Address Database, learning how to log activity for my
local network and RAS connection, and figuring out how to include or exclude specific protocols from
the capture file. I also show how to customize a capture file display and interpret the individual
frames.
Installing Network Monitor
The version of Network Monitor that ships with NT Server is a trimmed-down version of the
Network Monitor that ships with Systems Management Server (SMS). The NT version captures packets
only on the machine it's installed on, and the SMS version captures packets from any system the
Network Monitor Agent software is installed on. This configuration is a security measure to keep
users from watching network traffic (although most users I know would rather be reading War and
Peace). Thus, if you want to monitor network activity on a local system only, install the NT
version; to monitor remote systems, install the SMS version.
You install the Network Monitor that ships with NT as a service in Network Properties. In the
Network Properties display, select the Services tab. If the Network Monitor Tools and Agent entry is
not on the list of installed services, choose Add and select the entry from the Select Network
Service scroll list shown in Screen 1. Press OK to start the installation. The Agent
collects packet information on the local machine, and the Tools portion captures, filters, and
displays the results. After you install Network Monitor, you see a Monitoring Agent applet in
Control Panel and Network Monitor in Administrative Tools.
To install Network Monitor from the SMS distribution kit, find the top-level directory--SMSnn
(e.g., SMS12). The Network Monitor files are in subdirectory nmext. Run setup.exe on DISK1 (e.g.,
sms12\disk1\setup.exe). The SMS version places Network Monitor in a common group called Network
Analysis Tools and places the Monitor Agent in Control Panel.
During installation, you're prompted to specify passwords to view captured log files and
capture and display network packets in realtime. If you are in a lab or test environment, you can
select No Password to disable security. However, if you're installing the monitor for enterprise
troubleshooting, take advantage of the password controls, which provide a safety net for keeping
unauthorized users from watching network traffic and possibly picking up clear-text passwords. (If
you later decide to place password controls on the capture or display functions or change from no
password to passwords, start the Monitoring Agent from Control Panel, click Password, and enter
passwords as needed.)
During the last portion of Network Monitor installation, both versions prompt you to install
the Monitoring Agent for this machine. The setup program finishes by starting the Network
configuration applet, so you can then install the Network Agent. After you install the Agent, reboot
to complete the installation. You must install the Monitor Agent service on all systems you might
want to monitor in the future.
Previous
Register
