70 likes | 129 Views
Network Monitor. You can use Network Monitor to capture and display the packets that a computer sends or receives on a local area network (LAN).
E N D
Network Monitor • You can use Network Monitor to capture and display the packets that a computer sends or receives on a local area network (LAN).
You can use the Network Monitor tool to capture and display the packets that a computer sends or receives on a local area network (LAN). You can also use Network Monitor to detect and troubleshoot networking problems that the local host might experience. For example, as a network administrator, you can use Network Monitor to diagnose hardware and software problems when a host cannot communicate with other host members in the Network Load Balancing cluster.
Network Monitor Components • Network Monitor is composed of an administrative tool called Network Monitor and a network protocol called the Network Monitor driver. You must install both of these components to capture, display, and analyze network packets. • By default, Network Monitor does not provide a parser to display heartbeat and remote control data between cluster members. You must install the Windows Load Balancing Service (WLBS) network monitor parsers (Wlbs_hb.dll and Wlbs_rc.dll) in the Netmon\Parsers directory. The parsers for WLBS traffic are available in the Windows 2000 Server Resource Kit. • Note: To monitor all of the traffic on a network you must use the version of Network Monitor provided with Microsoft Systems Management Server.
Capturing Network Data • The process by which Network Monitor copies packets is referred to as capturing. You can capture all of the network traffic to and from the local network card, or you can set a capture filter and capture a subset of packets. You can also specify a set of conditions that trigger an event in a Network Monitor capture filter. By using triggers, Network Monitor can respond to events on your network. For example, you can start an executable file when Network Monitor has a trigger, which detects a particular set of conditions on the network, such as a large number of TCP connection Resets on a cluster. After you have captured data, you can view it. Network Monitor does much of the data analysis for you by translating the raw capture data into its logical frame structure.
To minimize the amount of data that is being captured, you can use a capture filter to define the required capture traffic. • Note: It is not recommended to run the Network Monitor on a host within the cluster, as the Network Monitor driver will place the network adapter into promiscuous mode.
Network Monitor Security • When running the Network Monitor, you can help protect your network from unauthorized use of Network Monitor installations; Network Monitor provides the capability to detect other installations of Network Monitor that are running on the local segment of your network. • Important: Running Network Monitor at high usage times can decrease system performance. Plan on running Network Monitor when the system is at low usage or for short periods of time. To avoid capturing too much information, capture only as many statistics as you need for evaluation. Smaller amounts of data allow you to make a reasonably quick diagnosis of the problem.
When Network Monitor detects other installations that are running on the network, it displays the following information about them: • The name of the computer that is running the Network Monitor installation. • The name of the user logged on at the computer. • The state of Network Monitor on the remote computer (running, capturing, or transmitting). • The adapter address of the remote computer. • The version number of Network Monitor running on the remote computer. • Note: In some scenarios, your network architecture might prevent one installation of the Network Monitor tool from detecting another. For example, if a router that does not forward multicast packets separates another installation of Network Monitor from your installation of the tool, Network Monitor will not detect the previous installation.