The Blown Light Bulb

Information worth to share...


Quick Network Monitor installation and capture guide

Have you dealt with network sniffers? Not a Linux fan? If you need a native, fully compatible network sniffing tool that you can use from your Windows workstation, Network Monitor from Microsoft can make your day. It is a protocol analyzer that lets you capture, view and analyze network traffic without holding a degree in console commands.

Network Monitor is not included with Windows and needs to be downloaded from Microsoft. The latest version at the time of writing was 3.4, and it is available here.

How do you install it? Here is a quick image guide.

  1. Download the latest version from Microsoft, here.
  2. Double-click the downloaded file to start the installation, then click Yes.
    Note that administrative rights are needed on the destination computer to install Network Monitor correctly.
  3. The installation wizard will start up; click Next.
  4. Accept the EULA and click Next.
  5. Select the kind of installation you want to perform and click Next. I have chosen a Complete installation.
  6. Choose whether to select Create shortcut for Network Monitor on the desktop, then click Install.
  7. After installation, a final window appears stating that you need to log off and log on again before you can start capturing traffic. Click Finish to conclude the installation, then proceed with the re-logon process.

At this point, you have installed Network Monitor on your workstation and can start capturing traffic for later analysis and review. Let me show you an example: let's capture some of the traffic generated by the process skype.exe on my computer.

  1. Right-click the desktop icon and select Run as Administrator. Click Yes on the UAC screen.
  2. On the Start Page, select the Networks (1) you want to sniff with Network Monitor, and then select New Capture (2).
  3. Click Start (1) to begin capturing traffic on the selected networks. All traffic is grouped by process automatically under Network Conversations (2), and detailed traffic appears automatically in the Frame Summary (3) zone.
  4. To filter the traffic down to a single process, right-click the Process Name on any captured frame belonging to that process and select Add Process Name to Display Filter.

That is how we create filters to display just the information needed. Filtering removes uninteresting data so you can focus on the traffic you need to troubleshoot or diagnose a network problem.

Want to learn more? Check the Network Monitor team blog, here.