10.11. Viewing Network Traffic

Problem

You want to view the network traffic a server sends and receives. This is useful when you need to troubleshoot or debug application problems or system communication failures. When the problem involves a particular protocol, such as LDAP or DNS, looking at the associated network traffic lets you see what is being transmitted and received.

Solution

Using a graphical user interface

  1. Open the Network Monitor tool (netmon.exe). Network Monitor is not installed by default. To install it:

    1. Go to the Control Panel and open the Add or Remove Programs applet.

    2. Click on Add/Remove Windows Components.

    3. Double-click on Management and Monitoring Tools.

    4. Check the box beside Network Monitor Tools and click OK.

    5. Click Next.

    6. Click Finish.

  2. The first time you start Network Monitor, you will be asked which network interface you want to capture data from. On Windows Server 2003, Microsoft finally made the interfaces in this list easy to distinguish by labeling each one with its connection name (e.g., Local Area Connection). Windows 2000 doesn't include that information in the label, so choosing an interface is almost a guessing game unless you know the MAC address prefix of your NIC vendor. One trick for narrowing the list is to disregard any interface that has its Dial-up connection setting marked as TRUE. After you've selected an interface, click OK.

  3. From the menu, select Capture → Start. If you don't see the ...
