EventMon: Stopping a Capture Based on an EventLog Event

Having worked in Product Support for many years, I've had many occasions where a specific Event Log error was showing up, and we wanted to understand how this event related to the problem we were troubleshooting. In some cases, the Event Log error was the problem we were troubleshooting. So the task at hand…


Troubleshooting Name Resolution with NM3

Using the previous blog on "Intro to Name Resolution", we should have a basic idea of what is supposed to happen when a name needs to be resolved. Now let's discuss how you'd use Network Monitor to determine where the problem is when connecting to your network resource. But let's first list out some…


NMDecrypt Expert Updates – Version 2.3

When I first wrote about NMDecrypt Expert in this blog I mentioned some limitations. There have also been bugs reported since then. I decided I would fix some of these problems and address some of the limitations. My hope is to make this tool even more useful, but also to point out other ways community…


Event Tracing for Windows and Network Monitor

Event Tracing for Windows (ETW) has been around for quite a while now, as it was introduced in Windows 2000. It's basically instrumented logging that describes what a component is doing. Conceptually, it's something like the proverbial printf("here1") that programmers use, but it is present in retail builds. When you enable logging in a…


Using Color Rules to Show Direction

By Jin Feng

Differentiating client requests from server responses can provide a clear-cut view and make it easier to understand what's going on within a trace. Normally, with a flat trace, this can be hard to determine, and it is difficult to distinguish one packet from another. However, Network Monitor color rules let us highlight frames…


Message Analyzer has released!

Thought I should mention here that Message Analyzer has released. Read the full story on our Message Analyzer blog.


Using NMAPI to Access TCP Payload

The TCP payload often carries data that you want to access directly using the Network Monitor API. Below I will detail how to do this using a simple C++ example and the NMAPI.

Why not add a TCP.Payload field? The TCP payload can carry all types of payloads depending on the protocol that rides on…


Adapters Are Missing After Upgrading to Windows 7

If you have just upgraded to Windows 7, you might notice that you no longer see any adapters listed in your Select Networks selection. There is a very simple way to fix this problem. First, run CMD as administrator. If you have not done this before, you can use the search option in the Start…


Color Filtering Error Messages

Color filters in Network Monitor are a simple way to make frames stick out in a trace. Dealing with large traces often makes it difficult to see important information. The sea of data represented by network traffic becomes a difficult backdrop against which to catch errors that occur. This blog will focus on creating color filters…


Capturing a Trace at Boot Up

Capturing a trace during a boot is a common task that can be difficult to accomplish. In fact, the most foolproof way to capture all traffic at boot is to capture the traffic from a third-party capturing machine in promiscuous mode. But this requires you to mirror or span a port on your…
