Marking Frames with Network Monitor 3.4

Marking frames is a convenient way to temporarily flag a location in the trace you wish to keep track of during a troubleshooting session. But there is no built in way to mark frames in Network Monitor 3.4. However, using frame comments, coloring rules, and AutoHotkey, you can implement frame marking functionality.

How it Works

Color rules can be created using any general filter. This includes filtering the frame comment title which is exposed using the property FrameVariable.CommentTitle. By appending some text to the comment title, for example “m:red”, we can create color rules that display a color based on that text. What makes this seamless is AutoHotkey’s ability to read and control and UI by running scripts based on the keystrokes we define.

The Setup

Following these three simple steps will allow you to mark frames with Network Monitor 3.4.

  • Install AutoHotkey (it’s free) – (https://www.autohotkey.com/) If you haven’t used this tool before, you’ll be surprised at all the cool things it can do. You might find some other clever ways to automate your computer if you decide to become familiar with AutoHotkey and its scripting language. But this knowledge is not necessary in order to implement color marking with Network Monitor 3.4.
  • Download and Run AutoHotKey Script - Once you have AutoHotkey installed, you can download the AutoHotkey script I created. Once it’s downloaded, you can double-click it to run, as it should be automatically associated with AutoHotkey. Once it runs, you’ll see the AutoHotkey icon running in toolbar section of the taskbar. Now, it’s ready to look for the defined key strokes and should appropriately add strings to the comments for the frame you have selected. But we still need to setup the color rules so Network Monitor knows how to interpret those comment identifiers. If you want this to run every time you reboot your machine, you can place a shortcut to this file in your “Start Programs”.
  • Download Color Rules - The final step is to download this color rule file and import it into Network Monitor 3.4. Place this file into the Color Rules folder under Network Monitor 3 in your documents folder. Then open Network Monitor 3.4 and open a capture file. Click the Color Rules button which will open up the Options dialog for Color Rules. Make sure the “Always append new rules” is NOT selected so that the newly imported rules appear at the top of the list. This will give them the highest priority. Then select Open, My Sets, and click the MarkingColors set that you just copied.

clip_image001

As you can see, there are 6 color rules defined to identify various strings; m:cyan, m:orange, m:purple, m:green, m:yellow, m:blue and m:red. When the appropriate key strokes are hit, the comment title is modified to add the related text. This triggers the associated coloring rule based on the first match in the list above.

Marking Frames with Shift-F1

Now with the previous steps completed, you will be able to select one frame and mark it. For instance, to mark a frame with the first defined color, just press Shift+F1. This should make the frame show up with a red background. Pressing Shift+F2 will override the color and change it to blue. The associated comment will now end with m:blue. You can also remove any comment color tags by using Shift+F12 or the original keystroke that marked the frame.

I’ve also enabled a multi-level color marking scheme. By using Ctrl+F1, you still get a Red colored frame. But when you press Ctrl+F2, it appends m:blue and since that has a higher priority in the color list the frame is displayed with a blue background. Then by pressing Ctrl+F12, you can revert to the previous color. It will remove that last applied color and leave the m:red portion of the text in the comment. At this point the frame will revert to a red background.

If you’ve applied multiple levels of colors using the Ctrl+Function Key, you can use Shift+F12 to remove them all. Also all of these comment additions should not affect any preexisting comments you have created, unless there’s some text resembling the “m:color” type identifiers I used.

Color Marks the Spot

Marking frames can provide an easy way to track interesting parts of a trace as you navigating your way through complex network traffic. You can even jump to the next marked frame by looking for “m:” in the Find dialog (Ctrl+F) with the filter CommentTitle.Contains(“m:”). And while it’s not perfect, for instance you can’t select multiple frames and mark them all, it does provide a simple way to mark frames with color using key strokes.