KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q232247: Using Network Monitor to Capture Traffic Using a Remote Agent

Article: Q232247
Product(s): Microsoft Windows NT
Version(s): 3.1,3.5,3.51,4.0
Operating System(s): 
Keyword(s): 
Last Modified: 10-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Server versions 3.1, 3.5, 3.51, 4.0 
- Microsoft Windows NT Server, Enterprise Edition version 4.0 
- Microsoft Windows NT Workstation versions 3.1, 3.5, 3.51, 4.0 
- Microsoft Windows 95 
- Microsoft Windows 98 
- Microsoft Windows 98 Second Edition 
-------------------------------------------------------------------------------

SUMMARY
=======

Microsoft Network Monitor gives you the capability to connect to other computers
and capture traffic from another computer. You can do this across a router or a
Remote Access Service (RAS) connection.

MORE INFORMATION
================

The two primary components of Network Monitor are the Network Monitor Agent and
the user interface. The Network Monitor Agent binds to the user interface and
passes traffic up to the program. The Network Monitor Agent can run on any
compatible computer while the program is running on a separate computer.

How to Use Network Monitor Agent on a Second Computer
-----------------------------------------------------

On the Network Monitor Agent host computer:

1. Install the Network Monitor Agent (in Control Panel, click Network, click
  Services, click Add, and then click Network Monitor Agent).

2. In Control Panel, click Services, click Network Monitor Agent, and then click
  Start. (If you want the Network Monitor Agent to start when the computer
  starts, click Startup, and then click Automatic.)

To connect to a remote Network Monitor Agent:

1. Start Network Monitor.

2. From the Capture menu, click Networks.

3. Click the name of the remote connection, and then click Connect.

  NOTE: Until you make a connection, this entry is REMOTE. After you make a
  connection, REMOTE is replaced by the NetBIOS name of the remote computer.

4. In the Agent Name box, specify the name of the agent to which you are
  connecting. This name is the NetBIOS name of the remote computer. A universal
  naming convention (UNC) path name is not required.

5. In the User Comment box, click a comment to associate with the agent name you
  specified. This comment is displayed when users attempt to connect to the
  Network Monitor Agent.

6. In the Agent Status Update Frequency dialog box, specify the frequency (in
  seconds), in which you want the statistics from the remote capture displayed
  on your local computer. This number must be between 1-65 (the default is 2).

7. Click the Slow Link option. This option extends the period of time that your
  connection can be idle before Network Monitor concludes that the connection
  is unsuccessful and disconnects from the Network Monitor Agent. This option
  is recommended for all asynchronous connections.

8. Click Connect. If the Network Monitor Agent on the remote computer is
  password protected, you are prompted to type a password. If the Network
  Monitor Agent is running on a computer with only one network adapter
  installed, Network Monitor connects to that network adapter. If the Network
  Monitor Agent is installed on a computer that is multihomed, a dialog box
  that lists the network adapters installed is displayed. An asterisk appears
  next to the network adapter that Network Monitor used to make the connection
  to the remote computer. This network adapter is connected to the same network
  segment to which you are connected. Unless you want to capture statistics
  from your own your local network segment, you should select one of the other
  network adapters that is displayed.

9. Click Capture/Start to begin capturing data.

REFERENCES
==========

For additional information, please see the following article in the Microsoft
Knowledge Base:

  Q148942 How to Capture Network Traffic with Network Monitor


Additional query words: netmon nm bh bloodhound sniff trace

======================================================================
Keywords          :  
Technology        : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT350search kbWinNT400search kbWinNTW350 kbWinNTW350search kbWinNTW351search kbWinNTW351 kbWinNTW310 kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS350 kbWinNTS310 kbWinNTS351search kbWinNTS350search kbWinNTS310search kbWin95search kbWin98search kbWin98SEsearch kbWinNT310Search kbWinNTW310Search kbZNotKeyword3 kbWin98 kbWin98SE
Version           : :3.1,3.5,3.51,4.0
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.