Filtering On Timestamps

There are situations when you want to narrow a trace down to a certain time frame. However, creating a filter for a timestamp is not very straightforward. We will discuss how timestamps operate and ways to make filtering on timestamps workable. How Time Stamps Work With the latest version of Network Monitor 3.4, there…


New Videos for Advanced Filtering and 3.4 UI Features

You folks have been asking for updated videos about filtering and now I’ve made two more available. These include information about filtering with properties to understand how to access TCP and SMB values that don’t appear directly on the wire. We talk about operands and how to filter out traffic you don’t want to see….


Reassembly Made Easier

By using our latest 3.4.2455 release of the parsers and using a simple filter, you can now view reassembled traffic more easily for certain protocols. Normally when you reassemble a trace you see all the original frames plus the newly inserted reassembled frames. Using a filter with a brand new property, you can now see…


Marking Frames with Network Monitor 3.4

Marking frames is a convenient way to temporarily flag a location in the trace you wish to keep track of during a troubleshooting session. But there is no built-in way to mark frames in Network Monitor 3.4. However, using frame comments, coloring rules, and AutoHotkey, you can implement frame marking functionality. How it Works…


Network Monitor Freezes While Loading Capture

If you encounter a situation where Network Monitor freezes while opening a capture file, try updating to the latest parsers from the CodePlex Parser Site. A parser issue with SMTP traffic causes the engine to enter a state where it gets stuck in a loop. Fortunately, this is easy to fix by installing…


Trouble Accessing Some Fields with API

With the Network Monitor API you can access any field by adding its path and then accessing the offset, size or value using one of the Field Value Functions like NmGetFieldOffsetAndSize or NmGetFieldValueString. But for certain paths this does not work properly. In this blog we’ll discuss how to work around this problem. Adding Fields…


Using High Performance Filtering

There are certain scenarios where the High Performance Filtering feature added in Netmon 3.4 will provide the best performance for capturing with a filter. The idea is to filter frames before they hit the disk, which can improve your performance by reducing the impact on the capturing machine. High Performance Filtering can be performed with…


Using Color Rules to Show Direction

By Jin Feng. Differentiating client requests and server responses can provide a clear-cut view and make it easier to understand what’s going on within a trace. Normally, with a flat trace, it can be hard to distinguish one packet from another. However, Network Monitor color rules enable us to highlight frames…


Blog Makeover: Network Monitor Landing Page

We’ve redesigned the Network Monitor Blog in order to make it easier to find resources that have accumulated over the years. The FAQ on the TechNet wiki is a user editable resource, so feel free to extend it to include any frequently asked questions other users might benefit from. Another wiki resource is the Common…


Network Monitor 3.4 has Released!

I’m proud to announce the release of Network Monitor 3.4 to the Microsoft Download center. We’ve included a bunch of new exciting features and updates. A new high performance capturing feature allows you to capture on faster networks without dropping frames. Parser profiles provide a simple way to increase filtering/parsing speed and allow you to…