Network tracing (packet sniffing) for Windows Server 2008 and Windows Server 2003

Applies to:

Windows Server 2008

Windows Vista

Windows Server 2003

Windows XP

To capture network packets (for those coming from a Unix background: the equivalent of a packet sniffer, protocol analyzer, or tcpdump), you will need to install Network Monitor (Netmon).

Microsoft Network Monitor 3.4

https://www.microsoft.com/en-us/download/details.aspx?id=4865

Pick the package that matches your processor architecture.

In this example, I’ll be using the x64 package.

Click on “Run”

Click on “Run”

Click on “Yes”

Click on “Yes”

Select the radio button for “I accept the terms in the License Agreement”

Click on “Next”

Click on “Typical”

Click on “Install”

Click on “Finish”.

OK, now we are ready to collect data.

Right click on the “Microsoft Network Monitor 3.4” icon

Click on “Run as administrator”

Warning: If you don’t run Network Monitor elevated, you will not be able to see the network interfaces.

Select the “Network (s)” that you want to monitor.

Click on “Tools”, then “Options…”

Click on “Parser Profiles”

Select “High Performance Capturing”

Click on “Set As Active”

Click on OK

Click on “New capture tab”

Whenever you are ready to start the network capture, click on “Start”.

Write down the questions to help you and your peers analyze the network trace.

Network tracing (packet sniffing) data to provide when troubleshooting.
https://blogs.technet.com/b/yongrhee/archive/2012/12/20/network-tracing-packet-sniffing-data-to-provide-when-troubleshooting.aspx