If so, then you are probably familiar with Ethereal (now Wireshark) for packet monitoring. If you haven’t played with Microsoft Network Monitor (Netmon.exe) since you tried it briefly in your MCSE 2000 course five years ago, I would strongly recommend taking another look. It has been re-written from scratch, and has some pretty awesome features.
The NetMon blog covers what we added in version 3.0 here: http://blogs.technet.com/netmon/archive/2006/09/27/459474.aspx
Best practices for using Microsoft Network Monitor (Netmon.exe) to capture packets can be found here: http://support.microsoft.com/default.aspx/kb/812953
Just a few short months after the release of version 3.0, version 3.1 has now been released to Beta. Sign up to download it at https://connect.microsoft.com. New features include:
- Wireless (802.11) capturing and monitor mode on Vista – With supported hardware (Native WiFi), you can now trace wireless management frames. You can scan all channels, a subset of the channels your wireless NIC supports, or focus on one specific channel. We now show the wireless metadata for normal wireless frames as well. This is really cool for troubleshooting wireless problems. See signal strength and transfer speed as you walk around your house!
- RAS tracing support on Vista – Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available on XP. Bear in mind that such a trace contains the unencrypted traffic the tunnel was protecting, so treat the capture file with the same care as the data itself.
- Right-click Add to Filter – Now there’s an easier way to discover how to create filters. Right-click a data element in the Frame Details pane, or a column field in the Frame Summary pane, and select Add to Filter. What could be easier!
- Microsoft Update enabled – NM3.1 will occasionally check for a new version and prompt you when one is available.
- New-look filter toolbar – We’ve changed the UI for applying and removing filters. You can now apply a new filter without having to remove the currently applied one first.
- New reassembly engine – Our reassembly engine has been improved to handle a wider variety of protocol reassembly schemes.
- New public parsers – These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp and winsrpl, as well as improvements to the previously shipped parsers.