Install Network Monitor
I’m proud to announce the release of Network Monitor 3.4 to the Microsoft Download center. We’ve included a bunch of new exciting features and updates. A new high performance capturing feature allows you to capture on faster networks without dropping frames. Parser profiles provide a simple way to increase filtering/parsing speed and allow you to switch quickly between various parser sets. And UI updates like Color Rules, Windows Layouts and Column Management give you flexibility to do cool customizations to help you work the way you want. Please visit our Beta announcement to get a rundown of the new features.
As always, you can get support on our Network Monitor forum. There the community and our team can help answer questions about the UI, NMCap, API, parsers and even assist with troubleshooting scenarios.
With 3.4 complete we are now setting our sights on a new version with some grand goals for ITPros and Developers meant to take protocol troubleshooting and development to the next level. And as always our parser development continues to evolve so visit our CodePlex parser site frequently to get the latest parsers as well as standard and color filter updates. In fact we’ve had some recent updates to the standard filters so the latest CodePlex parsers, build 2351, has some updates that are even newer than the 3.4 release. Stay tuned and enjoy Network Monitor 3.4!
Nice one Paul. I'll roll this out now and hopefully have time to give detailed feedback.
Congrats guys! Great to hear about all the functionality. Can't wait to try it out. My greetings to the entire team.
I have a question:can netmon 3.4 capture all wireless packets and VPN packets? or it can capture these packets on specific drivers?
I recently capture a wireless packets and they all look similiar like this:
320 13.519644 [Aruba Networks F41F00] [*BROADCAST] WiFi WiFi:[ ManagementBeacon] ...... RSSI = -48 dBm, Rate = 1 Mbps, (I), SSID = moobilenetx, Channel = 11
The problem is the access DFS share via VPN.
I have not found any smb or other useful infomation that related with DFS referral process.
Thanks in advance.
You can capture both Wireless and VPN packets at the same time. For VPN, you have to make sure you are capturing the tunnel interface which appears as NDISWAN in select networks list.
If you capture only wireless traffic, then VPN traffic will be encoded so you won't see the tunneled traffic.
Also for wireless traffic, unless you are capturing on the machine that is receiving the traffic, you won't be able to see it as it will be encrypted.
In the example below you show a beacon traffic. You can get rid of those with the filter "!WiFi.Payload.Beacon". That might expose other traffic.
For further support please post your question on our forums at social.technet.microsoft.com/.../netmon.
Hello i would just like to say thanks for thing tiny little powerfull tool, it saved me hours of head scratching why a printer would not send a file over to a server's shared folder until a realised with this tool results that the printer was not compatible with SMB Signing, and the server (windows server 2008) was requirung a security signature. I will test this application further for the next days/weeks, any suggestions i come up with i know where to come. Great Job, thank you
Thank you so much for your reply!
What if I don't want to install 3.4, and want to install 3.3? It looks like you've eliminated any references to download previous versions.
Once we release a new version, we reuse the same link and pages and the old version is deprecated.
Can you tell me why you need the 3.3 version?
I have couple of questions:
1.The process name information is still not available to NetMon API?
2.Using the NPL, can I get the DNS Cache information?
We don't have direct support for getting the process info, but you could collect the data using the API directly. There is a thread in our forums about this: social.technet.microsoft.com/.../0c75311d-781a-4541-a37f-2573cfb66348
We also don't store the DNS cache information. What we do is collect resolved names from the traffic in the trace or that we collect live. In the parser with NPL you can access this information as it's stored in the Global.NameTable$ table. So for instance if you have a resolved name for 22.214.171.124, you can access this as Global.NameTable$[126.96.36.199].
Is there a location for 2.x Network Monitor download? I'd like to create a capture filter that will work with netcap.exe and the exported filters from NM3.x aren't compatible.
Netmon2.x was never a free download and currently there is no way to access it with out contacting Customer Support first.
Does NMCap not work for your scenario?
I try to download NM34_54x.exe from the download site and when I run it it says not a validWin32 application. I am Win7 64 bit and tried on another win 7 x64 PC. Yes- tried redownloading it. The 32bit does ok on a 32 bit PC.
Is your download corrupt or am I having a bad day?
I just clicked on the link to the right (go.microsoft.com/fwlink) and it started installing on my Win7 x64 machine.
Does the link above fail for you? I assume you are sure you are running x64 windows on your x64 machine? There is also an IA64 build (which is differnt), though they are rare so I'm doubting this but I wanted to make sure and mention just in case.
BTW, the forums might be a better place to ask these types of questions: go.microsoft.com/fwlink
We have employees in our corporate network who are using usb wireless adapters on a specific pc to connect to our opened (needs to be) WiFi so they can bypass our Web filtering from the cabled network. Would Network Monitor be a good tool to collect information
about the Mac adress of those wireless adapters? The idea is to block them in our wireless system's firewall.