Network Monitor to Open Source Parsers on CodePlex

by Paul Long on November 07, 2008 10:49am

Today I am excited to announce that the development of protocol parsers for Microsoft Network Monitor is moving into an open source model, hosted on CodePlex.  This site will host development of parsers for public protocols and for protocols described in our Open Protocol Specifications for Windows.

Network Monitor is a free protocol analyzer and network sniffer.  It allows you to capture and view network traffic in a format that is easier for humans to read. It is often used as a troubleshooting/development tool or to validate that a protocol is behaving as you expect.

We've started the ball rolling by releasing an updated parser package and creating a source tree on CodePlex.  While this process will take time, we hope to have all bugs filed on the site within a few months, and to have all parser development take place directly on CodePlex.

Every month we'll post a new installer package that Netmon users will be able to install, so as to benefit from the latest changes.

As we continue to evolve, we hope that the community will get involved by filing bugs and suggestions, contributing code and new parsers, and helping us improve how information like summaries and field descriptions is displayed.

At some point we also anticipate that some of our committed users will manage subsets of the parsers.

We are also really excited about the impact of making our parsers open source.  The force of the community should help us keep up with the quickly changing world of new protocols and updated documentation.

If you want to contribute, please join the community on CodePlex and start giving us feedback.

For historical background, Network Monitor 3 was a complete rewrite of the Network Monitor program that previously shipped in Windows Server and SMS.

One of the major design changes is that the parsers - code that describes how network packets are decoded - are written in a custom language and included with the product.

Most industry protocol analyzers include parsers as statically compiled code, or DLLs, which makes them harder to update and maintain.  By contrast, because the Netmon parsers run within our execution environment, that environment can provide a layer of protection against overruns and therefore help protect the user from poorly written parser code that could expose security vulnerabilities.

At the same time that Network Monitor 3 was being developed in 2004, the product teams were in the process of creating the documents for the Microsoft Open Protocols.

So, at that point, we were able to partner with our document writers and get parsers written for these open protocol specifications for Windows.  Not only did this help us verify the documentation, but it also provides a strong base of parsers for Network Monitor that makes troubleshooting network traffic very transparent.

For the latest version of Network Monitor, visit our download page.

For more information and tips on using Network Monitor, go to our blog.

Thanks and enjoy!