No Frames Captured Due to Disk Quota

In certain instances, you start a capture and no frames are captured. Or perhaps the UI suddenly stops displaying new frames. The display doesn’t indicate any dropped frames and you’ve already verified that your selected adapter is the one that should see the traffic. Mysteriously, this worked in the past or maybe it never at…

4

When You Can’t Save Frames From the UI

You might have run into an occasion when doing a capture from the UI that you are unable to save your capture. You might receive a message like “Not enough storage is available to process this command”. The UI tends eat up a lot of resources as it saves conversation information and builds the conversation…

2

Adapters Are Missing After Upgrading to Windows 7

If you have just upgraded to Windows 7, you might notice that you no longer see any adapters listed in your Select Networks selection. There is a very simple way to fix this problem. First run CMD as administrator. If you have not done this before, you can use the search option in the start…

6

Reassembling Packets with the Network Monitor API

Network traffic by nature is fragmented. Limits of various network packet sizes force protocols to chop up data into multiple frames. When you capture data or read it from a trace with the API (NMAPI) you see only the fragments by default. But as the engine is collecting packets, it can be configured to pass…

3

Network Monitor Videos on Channel 9

We posted some videos to Channel 9  in the last 6 months or so, and I wanted to let everybody know about them. We have one set of video’s that provide some insight into the Network Monitor API and process of creating experts. This series provides an overview of the API and dives deeply in…

1

Using NMAPI to Access TCP Payload

The TCP Payload often carries data that you want to access directly using the Network Monitor API. Below I will detail how to do this using a simple C++ example and the NMAPI. Why Not add a TCP.Payload Field? The TCP Payload can carry all types of payloads depending on the protocol that rides on…

6

SMB Opportunistic Locking Behavior

Behold the mysterious world of OpLocks (Opportunistic Locking). Often OpLocks will be disabled by a user or system administrator in order to help address a performance problem. And this practice might not always be the best course of action. Understanding how OpLocks behave in a trace can provide you more information so you can properly…

1

Delayed Write Failure Trace Study

In this “Trace Study”, we’ll look at a case where the customer is seeing delayed write failures logged in the event log. Delayed write failures are reported when a file being written over the network is inaccessible for a time. Based on a trace taken at the same time as the error was logged, we…

1

Chained Captures and Stitching Them Back Together

When you use NMCap to capture data you have an option to save the capture files as a chain. As the current capture file format has a limited size, this option allows you to continually capture the data in successive files. This also gives you some flexibility to limit the size. If you are sending…

3

I Can’t View My Windows Home Server at Home

I have a friend who just received his Windows Home Server. Home Server allows you to access it remotely so you can share photos, Remote Desktop and backup documents. The provided documentation includes details on how to setup your router, open ports, and setup an external name like “myhomesrv. homeserver.com.” The problem was, when he…

3