I like to think of these frames as sentences that have been said during a conversation. It is possible to colour-code the traffic with filters, so that the source traffic is in one colour and the return traffic in another, and you can tell who said what.
You also have the capability to set NM3. This can be useful when troubleshooting VPNs. The great thing about this tool is the data is live, so as the data is captured you can see it being populated in the console. This data can be stored in a file and sent to someone else, if you need to share the output for analysis. You can also select a range of frames live. These selected frames can be stored and sent to the other party for analysis instead of sending them the whole capture.
I found this to be very useful. You can be certain of the traffic the other party is inspecting, and they will not have to trawl through tons of frames to know what traffic you are referring to.
The data can be copied directly to Excel for analysis and graphing. The same applies to Word, where tables can be created quickly for case detail. This makes the data manageable and easier to present. Creating filters can be simple.
A quick filter to create is an association between a particular process and a colour. For example, you may want to see all IE traffic in your real-time view as blue and your Firefox traffic as red. All you need to do is expand the process in the network conversations tree window on the left and drill down to the traffic in the frame summary on the right. Right-click the frame over the process column, click add "process name" as colour rule, and set the colour; all traffic for the IE process will then appear blue.
Figure 2: Remember to click on the process name column.
Figure 4: In the real-time all traffic view you will see something like the above traffic flow.
This makes it much easier to identify traffic when the packets are flying in and out at speed, and helps in colour coding important traffic.
The tool can also be run as a command-line utility, called NMCap. This mode is great for high-performance capture and is useful when scripting the tool and its commands. Filters can also be applied to this command so that only relevant traffic is captured. The command-line utility has many uses. For example, at a customer site you can send the command to the customer to copy and paste, so that they can send you the output for remote analysis.
Any filter that is used in the UI can be used with the command-line utility; remember the quotation marks. The saved file has captured all the traffic that is flowing to and from the selected network adapters on the local computer, so you will need to filter the network capture to see only the related traffic.
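An added example, not from the original article: a PowerShell wrapper of the kind you could send to a customer, which hands a UI-style filter to NMCap as a single quoted argument and time-boxes the capture. The install path, the sample filter with its address, and the output file name are assumptions.

```powershell
# Added example: filtered, time-boxed NMCap capture for remote analysis.
param(
    # Filter in the same syntax as the NM3 UI (constructed sample value).
    [string]$Filter  = 'IPv4.Address == 192.0.2.10 AND TCP.Port == 443',
    [string]$OutFile = "$env:TEMP\nm3-trace.cap",
    [int]$Minutes    = 2,
    # Assumed default install location; adjust if NM3 lives elsewhere.
    [string]$NmCap   = "$env:ProgramFiles\Microsoft Network Monitor 3\nmcap.exe"
)

if (-not (Test-Path -LiteralPath $NmCap)) {
    throw "nmcap.exe not found at '$NmCap'"
}
if ([string]::IsNullOrWhiteSpace($Filter)) {
    throw 'Refusing to run without a filter: the capture would contain all traffic.'
}
# The whole filter must reach NMCap as ONE argument. PowerShell adds the
# surrounding quotation marks itself when the value contains spaces, but
# embedded double quotes are not passed through reliably, so reject them.
if ($Filter -match '"') {
    throw 'Filter contains a double quote; simplify it or run nmcap from cmd.exe.'
}

$nmArgs = @(
    '/network', '*',                               # all adapters
    '/capture', $Filter,                           # only frames matching the filter
    '/file', $OutFile,
    '/stopwhen', '/timeafter', "$Minutes", 'min'   # stop on its own
)
& $NmCap @nmArgs

if (-not (Test-Path -LiteralPath $OutFile)) {
    throw "No capture file was written to '$OutFile'"
}
# Hash the file so the recipient can confirm they analyse the same capture.
Get-FileHash -LiteralPath $OutFile -Algorithm SHA256 | Format-List Path, Hash
```

Because the filter is applied at capture time, the file that leaves the machine holds only the matching frames rather than everything seen on the adapters.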
If you want to filter the capture for a specific field and do not know the syntax for that filter, just right-click that field and select Add the selected value to Display Filter. Network traces which are collected using the netsh commands built in to Windows are of the extension "ETL".
Hi, Thank you for posting your query on Microsoft forums. You can refer to the following Microsoft article to know more about Network Monitor 3.