Learn how Network Monitor can be used to troubleshoot various types of network problems in this tip from WindowsNetworking.com.
Although networks are certainly more reliable than they used to be, problems do sometimes occur. For example, the network might be running more slowly than it normally does, or one device on a network might be having trouble communicating with another device. In such situations, a protocol analyzer is often the troubleshooting tool of choice. In this article series, I will show you how to install and use a free protocol analyzer called Network Monitor.
Acquiring Network Monitor
Technically, Network Monitor isn't really free. It might as well be free though, because it is included with various Microsoft products, including Windows Server 2003. There are actually two different versions of Network Monitor available; the basic version and the full version. The basic version of Network Monitor is included with Windows Server 2003, and the full version ships with SMS Server. Both versions will allow you to analyze network traffic, but there are some considerable differences between the two versions. The chart below illustrates these differences.
| Feature | Basic version | Full version |
| Packet capturing | Captures packets sent to and from the local host only | Captures traffic from across the entire network segment |
| Capture remote frames | Not supported | Supported |
| View bandwidth consumption by protocol | Not supported | Supported |
| View bandwidth consumption by user | Not supported | Supported |
| Modify and retransmit network traffic | Not supported | Supported |
| Differentiates between routers and network hosts | Not supported | Supported |
| Resolve device names into MAC addresses | Not supported | Supported |
As you can see in the chart above, there are some fairly significant differences between the basic version and the full version of Network Monitor. By far the biggest difference is that the basic version is only capable of analyzing traffic sent to or from the computer that Network Monitor is being run on, while the full version can analyze all of the traffic flowing across the network segment. At first this difference probably seems huge, and all at once it was, but the two versions are not as dissimilar as you might think.
To see why this is the case, you need to understand the difference between hubs and switches. When networked computers are connected to a hub, all of the computers exist in a common collision domain. This means that when a computer transmits a packet of data, every computer on the segment sees the packet. Each computer checks the packet's destination MAC address to see if it is the intended recipient and ignores the packet if not.
The problem with using hubs is that if two computers transmit packets simultaneously, then a collision occurs and the packets are destroyed and must be retransmitted. That being the case, hub based networks can be terribly inefficient. As such, most modern networks are switch based.
When a computer on a switch based network transmits a packet, the switch itself looks at the recipient's MAC address, and then sends the packet directly to the recipient. This eliminates the need for every computer on the network to see the packet.
Using a switch instead of a hub improves efficiency and security, but it also limits what you can do with a protocol analyzer. As you will recall, I mentioned that the full version of Network Monitor can analyze all of the traffic on the network segment. The problem is that a switch creates a logical segment consisting only of the sender and the recipient. Therefore, on switch based networks, the full version of Network Monitor is as limited as the basic version. Even so, Network Monitor is still a great troubleshooting tool, and is also good for gaining a better understanding of your network. In order to use Network Monitor effectively, you just have to be sure and run it directly on the computers that you are trying to troubleshoot.
Installing the basic version
As I mentioned before, the basic version of Network Monitor is included with Windows Server 2003. To install it, select the Add / Remove Programs option from the server's Control Panel. When you do, Windows will display the Add / Remove programs dialog box. Click the Add / Remove Windows Components button, and after a brief delay, Windows will launch the Windows Components Wizard. Scroll through the list of available components until you locate the Management and Monitoring Tools option. Select Management and Monitoring (don't select the check box), and click the Details button. Windows will now reveal a list of the various management and monitoring tools. Select the Network Monitor Tools check box and click OK. Now, click Next and follow the prompts to complete the installation process. Depending on how your server is configured, you may be asked to supply your Windows Server 2003 installation disk.
Installing the full version
Installing the full version of Network Monitor is equally easy. To do so, just insert your SMS Server 2003 installation CD and navigate through the CD's directory structure to \NETMON\I386. Now, just double click on the NETMONSETUP.EXE file to launch the installation wizard.
Click Next to bypass the wizard's Welcome screen, and the wizard will display the end user license agreement. After accepting the license agreement, click Next and the wizard will display the required disk space alongside the available disk space. After making sure that your computer has sufficient disk space, click Next and Network Monitor will be installed. Click Finish to complete the installation process.
The Network Monitor Agent
Network Monitor is designed primarily to monitor the network traffic flowing in and out of the machine that it is running on (although the full version does allow you to monitor an entire network segment). Sometimes you may need to perform a detailed analysis of the network traffic related to a computer other than the one that network monitor is running on. In these types of situations, you should install the Network Monitor Agent (also known as the Network Monitor driver) onto any machine that you want to monitor.
In case you are wondering, the Network Monitor driver is automatically installed when Network Monitor is installed. For machines that do not have Network Monitor installed, the Network Monitor driver must be installed manually. The Network Monitor driver is compatible with Windows XP and Windows Server 2003 (no word yet on Windows Vista).
To install the Network Monitor Driver on a machine that's running Windows XP, open the Control Panel and click on the Network and Internet Connections link, followed by the Network Connections link. Now, right click on the network connection that corresponds to the NIC that you want to monitor, and select the Properties command from the resulting shortcut menu. When the connection's properties sheet appears, click the Install button, and you will be asked if you want to install a Client, Service, or Protocol. Choose the Protocol option and click the Add button. Finally, choose the Network Monitor Driver from the list of available protocols, and click OK. You may be prompted to provide your Windows installation disk.
Conclusion
In this article, I have explained that Network Monitor is a great tool for troubleshooting network problems. I then went on to discuss the differences between the two versions of Network Monitor. Finally, I walked you through the Network Monitor installation process. In Part 2 of this series, I will begin showing you how to use Network Monitor.
About the author:
Brien Posey is an MCSE and has won the Microsoft MVP award for the last two years. Brien has written over 3,000 technical articles and written or contributed material to 27 books. In addition to his technical writing, Brien is the co-founder of Relevant Technologies and also serves the IT community through his own Web site at www.brienposey.com. Prior to being a freelance author, Brien served as CIO for a chain of hospitals. He was also previously in charge of IT security for Fort Knox.
