Network tracing (packet sniffing) for Windows Server 2008 and Windows Server 2003
Applies to:
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
To capture network packets (what those coming from a Unix background would call a packet sniffer, a protocol analyzer, or tcpdump), you will need to install Network Monitor (Netmon).
Microsoft Network Monitor 3.4
https://www.microsoft.com/en-us/download/details.aspx?id=4865
Pick the package that matches your processor.
In this example, I’ll be using the x64 package.
Click on “Run”
Click on “Run”
Click on “Yes”
Click on “Yes”
Select the radio button for “I accept the terms in the License Agreement”
Click on “Next”
Click on “Typical”
Click on “Install”
Click on “Finish”.
Ok, now we are ready to collect data.
Right click on the “Microsoft Network Monitor 3.4” icon
Click on “Run as administrator”
Warning: If you don’t elevate, you will not be able to see the Network Interfaces.
Select the “Network(s)” that you want to monitor.
Click on Tools and Options…
Click on the “Parser Profiles”
Select “High Performance Capturing”
Click on “Set As Active”
Click on OK
Click on “New capture tab”
Whenever you are ready to start the network capture, click on “Start”
Write down the questions to help you and your peers analyze the network trace.
Network tracing (packet sniffing) data to provide when troubleshooting.
https://blogs.technet.com/b/yongrhee/archive/2012/12/20/network-tracing-packet-sniffing-data-to-provide-when-troubleshooting.aspx