Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


August 2004

Dive into Network Monitor

Peek into packets and spot traffic tie-ups with help from Microsoft's network analyzer
From the August 2004 Edition
of Windows IT Pro
Alan Sugano
Feature
InstantDoc #43205
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Protocols Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!
SideBar    Network Monitor Versions

Network Monitor is a component of the Windows Server OSs and Microsoft Systems Management Server (SMS) that lets you monitor network traffic as it crosses the wire. By using Network Monitor, you can monitor network traffic in real time or capture and store packets for later analysis. You can use the information that Network Monitor captures to troubleshoot problems on LANs, WANs, and virtually any device that uses TCP/IP to communicate. Network Monitor has three primary uses:

  • Troubleshooting network connectivity. This is the number-one reason to use Network Monitor. If you have two machines that have problems communicating with each other, you can use Network Monitor's Network Trace feature to help determine the problem's exact cause. You can also use Network Monitor to view each TCP/IP packet that travels between the two devices and the information contained within each packet.
  • Assessing network performance. Network Monitor gives you a clear picture of current network utilization. If you suspect that you have a network performance bottleneck, you can use the information that Network Monitor provides—such as detailed network-utilization statistics and information about the network traffic source—to find the bottleneck. Although you typically won't use Network Monitor to initially identify a problem as network communications­related, it's a great second-level troubleshooting tool that can help you further pinpoint a problem and displays much more detail than Performance Monitor does.
  • Troubleshooting beaconing hardware devices. Before switched networks existed, you could use Network Monitor to track down problems with hardware devices on a network. You can still use Network Monitor to track fragmented or damaged packets sent out by faulty equipment, but to do so you'll probably need the full version of Network Monitor, which supports remote agents and the capture of packets on a network segment even when the traffic isn't directed to the machine that's running Network Monitor. (For more information about the two versions of Network Monitor, see the sidebar "Network Monitor Versions.") If you have a managed switch, you can use a combination of the managed-switch statistics and Network Monitor to obtain as clear a picture of the problem as possible when diagnosing faulty network hardware.

Installing Network Monitor
To use Network Monitor, you must have a NIC that supports promiscuous mode installed in the server that's running SMS or Network Monitor. (Most NICs support promiscuous mode.) Network Monitor isn't installed by default unless you explicitly selected it when you installed Windows Server 2003 or Windows 2000 Server. To install the version of Network Monitor that's included in Windows 2003 or Win2K Server, perform these steps:

  1. Open Control Panel (click Start, highlight Settings, and click Control Panel).
  2. Double-click Add or Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Click Management and Monitoring Tools, then click Details.
  5. Select the Network Monitor Tools check box and click OK.

Starting Network Monitor
After you've installed Network Monitor, you're ready to start the utility. Click Start, Programs, Administrative Tools, Network Monitor. (Alternatively, you can run Network Monitor from the command line or use a batch file to automate packet captures.) You'll see the initial Network Monitor screen. To start capturing packets, click the Capture button. After Network Monitor starts capturing packets, the Network Monitor window will look similar to the window in Figure 1. As you can see, Network Monitor's main window consists of four panes that display different types of information.

Network utilization bar graphs. The first pane (pane 1, red frame) contains a bar graph that displays traffic statistics on your server. The first bar—% Network Utilization—is the most important one. If your server is on a shared segment with other computers and your network utilization exceeds roughly 35 percent, the server could have a serious network bottleneck. Ethernet uses the Carrier Sensing Multiple Access with Collision (CSMA/CD) protocol, which detects collisions. On a nonswitched Ethernet network, network utilization above 35 percent generates numerous collisions, which dramatically decrease throughput. If you're experiencing high network utilization, consider installing an Ethernet switch to increase throughput.

If your server is connected to a dedicated switch port, network utilization can go much higher without producing network delays. However, if your network utilization averages above 80 percent, consider installing a NIC with dual ports or upgrading the backbone to Gigabit Ethernet or 10 Gigabit Ethernet. If you have many broadcasts or multicasts, or both, per second (i.e., more than 50), you could have a beaconing NIC or just many computers that issue broadcasts. It's a good idea to gather network traffic statistics before you have a problem, so that you have a baseline by which to compare your current network traffic with historical network traffic patterns.

Network connections. The second pane (pane 2, blue frame) displays a list of devices with which the server is communicating. The names in the Network Address 1 column are either the names of Network Monitor­supported NICs that are in use on your network or unsupported NICs' Media Access Control (MAC) addresses. (To display a list of NICs on your network, select Options, Show Vendor Names.) The 1->2 column displays the number of packets sent to the device in Network Address 2, and the 1<-2 column displays the number of packets received from Network Address 2. Unusually high numbers of packets that originate from specific network addresses can indicate a beaconing NIC or heavy traffic from specific network devices.

Network statistics. The third pane (pane 3, green frame) displays statistics about the current network packet trap. If you plan to capture packets for longer than 1 minute, you might have to increase the capture-buffer size, otherwise you'll start to lose packets in the capture buffer. The default capture-buffer size is only 1MB, which can fill up almost instantly on a busy network. When the buffer is full, the oldest packets are discarded and replaced with new packets. To modify the buffer size, select Capture, Buffer Settings and change the buffer-size setting. Don't set a buffer size that's greater than the amount of available physical memory, or you might drop frames because of page-file swapping.

   Previous  [1]  2  3  4  Next 


Reader Comments
Very informative article that I will use for monitoring our office network.

bgermain August 31, 2004 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
WinInfo Short Takes: Week of November 24, 2008

An often irreverent look at some of the week's other news, including a Vista Capable dismissal request, Zune price reductions, Morrow musings, Novell and Microsoft sitting in a tree ... two years later, Yahoo!, IE 6 on Windows Mobile, and so much more ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management
Related Events Implementing VoIP for Your Enterprise

Introduction to Identity Lifecycle Manager "2"

Power Up! With Virtualization Online Conference

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Is Your Approach to VMware Server Recovery Outdated?
Is your data protected from server failure? Download this white paper to find the best way to back up, recover, and restore your VMware ESX Server 3.x.

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

GoGrid Offers FREE Trial for Windows Cloud Servers
Deploy Windows Server 2003 and 2008 with free load balancing through GoGrid’s award winning web-based GUI – all in less than 5 minutes

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
You've Deployed SharePoint...Now What?
This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Ease Your Scripting Pains with the Flexibility of PowerShell!
Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

What Would You Do If You Ran Microsoft?
ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.

Maximize Your SharePoint Investment
This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.

Rock Your Knowledge, and Compete with Friends and Colleagues!
Are you the Web Application Performance Guru in your office? It's time to have fun! Download now to access the crossword puzzle. Challenge yourself and complete this fun activity!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing