Reducing Dropped Frames with Network Monitor 3.4

by Darren J. Fisher – Network Monitor Development Lead

Capturing network traffic is actually a very stressful task for most computers. With modern networks, traffic can arrive at a system at astounding rates. Most machines built these days have at least 1 Gbps network interfaces. When connected to a network of equal or faster…

Parser Profiles in Network Monitor 3.4

Parser Profiles are a new feature available in our 3.4 Beta. Rich parsers provide detailed information about every part of a packet. However, this detail comes at a price, as it takes longer to parse and filter frames. Parser Profiles are designed to help in this regard by allowing you to quickly switch between profiles based…

Network Monitor 3.4 Beta Released on Connect!

We are extremely excited to announce that the Network Monitor 3.4 Beta has been released on Connect. If you haven’t done so already, please sign up (for free) and help us test the new version while exploring it. There are some great new features, UI enhancements, performance updates, and new APIs. Let’s take a quick gander and…

Office Parsers Available

A new set of parsers for decoding Office protocols is now available on the download center. These parsers represent the protocols described by the documents in the MSDN Open Specifications for Office. Simply download and run the parser package for your platform. Next time you run Network Monitor, the Office parser set will automatically be…

Network Monitor Parsers and the CodePlex Foundation

The Network Monitor Parser project is now part of the Systems Infrastructure & Integration Gallery of the CodePlex Foundation. The CodePlex Foundation will now be responsible for further development and is using the new BSD license, which is OSI approved. From a user perspective, you can still expect frequent updates of the parsers, which are…

Expert to Decrypt TLS/SSL Traffic

One of the most popular requests we’ve had is to provide a way to view encrypted traffic. The new Decryption expert aims to solve this problem for TLS/SSL traffic.

Using the Decryption Expert

The purpose of encrypting data in the first place is to hide private information from a third party who has intercepted your…

Measuring Response Times

It’s often useful to understand how long it takes for a request to receive a response. This helps you gauge how well a client or server is keeping up. This type of measurement can also be done at different layers; however, there are some tricks you’ll have to learn.

FrameVariable.TimeDelta

In order to filter on…

Annotated Traces for Windows System Behavior

Microsoft publishes protocol documentation on MSDN that is intended to make it easier for others to develop interoperable implementations. “System Documents” provide overviews of system behavior for key systems such as Active Directory, File Sharing and Windows Security. The MSDN documentation for each of the System Documents is available here. We’ve recently released sets of…

SMB2 Data Fields and Properties

Properties:

Property.SMBFileIDPersistent – For SMB2, the file ID can be one of two types. This represents the Persistent type.

Property.SMBFileIDVolatile – For SMB2, the file ID can be one of two types. This represents the Volatile type.

Property.SMBFileName – The file name for an SMB request. This might also represent state information so frame data…

IPv4 Data Fields and Properties

Fields:

IPv4.Address – Useful for filtering on an address independent of the direction.

IPV4.SourceAddress – Represents the source address and is useful for filtering for traffic from a specific source.

IPV4.DestinationAddress – Represents the destination address and is useful for filtering for traffic to a specific destination.