Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


August 2004

Dive into Network Monitor

Peek into packets and spot traffic tie-ups with help from Microsoft's network analyzer

Network Monitor is a component of the Windows Server OSs and Microsoft Systems Management Server (SMS) that lets you monitor network traffic as it crosses the wire. By using Network Monitor, you can monitor network traffic in real time or capture and store packets for later analysis. You can use the information that Network Monitor captures to troubleshoot problems on LANs, WANs, and virtually any device that uses TCP/IP to communicate. Network Monitor has three primary uses:

  • Troubleshooting network connectivity. This is the number-one reason to use Network Monitor. If you have two machines that have problems communicating with each other, you can use Network Monitor's Network Trace feature to help determine the problem's exact cause. You can also use Network Monitor to view each TCP/IP packet that travels between the two devices and the information contained within each packet.
  • Assessing network performance. Network Monitor gives you a clear picture of current network utilization. If you suspect that you have a network performance bottleneck, you can use the information that Network Monitor provides—such as detailed network-utilization statistics and information about the network traffic source—to find the bottleneck. Although you typically won't use Network Monitor to initially identify a problem as network communications-related, it's a great second-level troubleshooting tool that can help you further pinpoint a problem and displays much more detail than Performance Monitor does.
  • Troubleshooting beaconing hardware devices. Before switched networks existed, you could use Network Monitor to track down problems with hardware devices on a network. You can still use Network Monitor to track fragmented or damaged packets sent out by faulty equipment, but to do so you'll probably need the full version of Network Monitor, which supports remote agents and the capture of packets on a network segment even when the traffic isn't directed to the machine that's running Network Monitor. (For more information about the two versions of Network Monitor, see the sidebar "Network Monitor Versions.") If you have a managed switch, you can use a combination of the managed-switch statistics and Network Monitor to obtain as clear a picture of the problem as possible when diagnosing faulty network hardware.

Installing Network Monitor
To use Network Monitor, you must have a NIC that supports promiscuous mode installed in the server that's running SMS or Network Monitor. (Most NICs support promiscuous mode.) Network Monitor isn't installed by default unless you explicitly selected it when you installed Windows Server 2003 or Windows 2000 Server. To install the version of Network Monitor that's included in Windows 2003 or Win2K Server, perform these steps:

  1. Open Control Panel (click Start, highlight Settings, and click Control Panel).
  2. Double-click Add or Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Click Management and Monitoring Tools, then click Details.
  5. Select the Network Monitor Tools check box and click OK.

Starting Network Monitor
After you've installed Network Monitor, you're ready to start the utility. Click Start, Programs, Administrative Tools, Network Monitor. (Alternatively, you can run Network Monitor from the command line or use a batch file to automate packet captures.) You'll see the initial Network Monitor screen. To start capturing packets, click the Capture button. After Network Monitor starts capturing packets, the Network Monitor window will look similar to the window in Figure 1. As you can see, Network Monitor's main window consists of four panes that display different types of information.

Network utilization bar graphs. The first pane (pane 1, red frame) contains a bar graph that displays traffic statistics on your server. The first bar—% Network Utilization—is the most important one. If your server is on a shared segment with other computers and your network utilization exceeds roughly 35 percent, the server could have a serious network bottleneck. Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol, which detects collisions. On a nonswitched Ethernet network, network utilization above 35 percent generates numerous collisions, which dramatically decrease throughput. If you're experiencing high network utilization, consider installing an Ethernet switch to increase throughput.

If your server is connected to a dedicated switch port, network utilization can go much higher without producing network delays. However, if your network utilization averages above 80 percent, consider installing a NIC with dual ports or upgrading the backbone to Gigabit Ethernet or 10 Gigabit Ethernet. If you have many broadcasts or multicasts, or both, per second (i.e., more than 50), you could have a beaconing NIC or just many computers that issue broadcasts. It's a good idea to gather network traffic statistics before you have a problem, so that you have a baseline by which to compare your current network traffic with historical network traffic patterns.

Network connections. The second pane (pane 2, blue frame) displays a list of devices with which the server is communicating. The names in the Network Address 1 column are either the names of Network Monitor-supported NICs that are in use on your network or unsupported NICs' Media Access Control (MAC) addresses. (To display a list of NICs on your network, select Options, Show Vendor Names.) The 1->2 column displays the number of packets sent to the device in Network Address 2, and the 1<-2 column displays the number of packets received from Network Address 2. Unusually high numbers of packets that originate from specific network addresses can indicate a beaconing NIC or heavy traffic from specific network devices.

Network statistics. The third pane (pane 3, green frame) displays statistics about the current network packet trap. If you plan to capture packets for longer than 1 minute, you might have to increase the capture-buffer size; otherwise, you'll start to lose packets in the capture buffer. The default capture-buffer size is only 1MB, which can fill up almost instantly on a busy network. When the buffer is full, the oldest packets are discarded and replaced with new packets. To modify the buffer size, select Capture, Buffer Settings and change the buffer-size setting. Don't set a buffer size that's greater than the amount of available physical memory, or you might drop frames because of page-file swapping.
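The utilization and broadcast thresholds from the bar-graph paragraphs and the 1MB default buffer described above, applied to counter readings and a stored baseline. This is an added example, not code from the article or from Network Monitor; the sample readings, the three-standard-deviation baseline rule, and all function names are assumptions.

```python
from statistics import mean, pstdev

# Thresholds quoted in the article.
SHARED_UTIL_PCT = 35       # shared (nonswitched) segment
SWITCHED_UTIL_PCT = 80     # dedicated switch port, averaged
BCAST_MCAST_PER_SEC = 50   # broadcasts and/or multicasts per second
DEFAULT_BUFFER_BYTES = 1024 * 1024  # Network Monitor's default 1MB capture buffer


def utilization_pct(bytes_per_sec, link_bps):
    """Percent of link capacity in use, from a bytes-per-second reading."""
    return 100.0 * bytes_per_sec * 8 / link_bps


def buffer_wrap_seconds(bytes_per_sec, buffer_bytes=DEFAULT_BUFFER_BYTES):
    """Seconds until the capture buffer starts discarding its oldest packets.
    Assumption: every byte on the wire is stored, with no per-frame overhead."""
    return float("inf") if bytes_per_sec == 0 else buffer_bytes / bytes_per_sec


def assess(samples, link_bps, shared_segment, baseline_utils=None):
    """samples: list of (bytes_per_sec, broadcasts_plus_multicasts_per_sec)."""
    avg_util = mean(utilization_pct(b, link_bps) for b, _ in samples)
    findings = []
    limit = SHARED_UTIL_PCT if shared_segment else SWITCHED_UTIL_PCT
    if avg_util > limit:
        findings.append("utilization")
    if max(n for _, n in samples) > BCAST_MCAST_PER_SEC:
        findings.append("broadcast/multicast rate")
    if baseline_utils:
        # Assumption: "abnormal" means more than 3 std devs above the baseline mean.
        mu, sigma = mean(baseline_utils), pstdev(baseline_utils)
        if avg_util > mu + 3 * sigma:
            findings.append("above baseline")
    avg_bytes = mean(b for b, _ in samples)
    return {"avg_util_pct": round(avg_util, 1),
            "buffer_wrap_s": round(buffer_wrap_seconds(avg_bytes), 2),
            "findings": findings}


# Constructed readings: 100 Mbps link, one reading per second.
BASELINE = [8.0, 9.5, 10.0, 9.0, 8.5]   # historical utilization %, constructed
SAMPLES = [(5_000_000, 12), (5_500_000, 70), (4_500_000, 15)]

if __name__ == "__main__":
    print(assess(SAMPLES, 100_000_000, shared_segment=True, baseline_utils=BASELINE))
    print(assess(SAMPLES, 100_000_000, shared_segment=False))
```

At the constructed 40 percent load on a 100 Mbps link, the default buffer wraps in about a fifth of a second, which is why the buffer size needs raising before any capture meant to last more than a moment.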

 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement | Reprints and Licensing