General network errors (GNEs), Timeout expired, SQL Server not found or Access Denied…

Many times, the key to solving these errors is a network packet trace. The problem is that these errors are often thrown intermittently. This can obviously make it problematic to capture a network trace.

Network Monitor 3 (AKA Netmon3) solves this problem quite nicely. Netmon3 has the built-in ability to capture rolling traces. This allows you to start the trace and then walk away and be sure that you will have captured the error.

Here are my steps for configuring Netmon3 for a rolling trace:

Please see the steps below in order to configure Network Monitor:

1. Download Network Monitor 3

a. (https://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-8d17-2f6dde7d7aac\&DisplayLang=en)

2. Install Network Monitor on both the client and server experiencing the problem. If you are not able to install it on the server you can install it on another machine that is connected to the same hub as the server or to the admin port of the switch that the server is on. If you go this route you must synchronize the time between the client, server, and this third machine.

3. Synchronize the clocks on the Client and SQL machines

a. At one of the machines bring up a command prompt and execute the following:

                                         i. Net time <\machinenamewewanttosynchwith> /set /yes

4. Turn off TCP Chimney if any of the machines are Windows 2003

a. bring up a command prompt and execute the following:

                                         i. Netsh int ip set chimney DISABLED

5. Using the NMCap command-line utility, start the chained trace (chained = create a new capture file after reaching the “Temporary capture file size” rather than overwriting the current capture)

a. [Netmon 3 installation folder]NMCap /network * /capture /file test.chn:100M (creates 100 MB chained files)

                                         i. NOTE: YOU MUST USE THE .CHN EXTENSION TO CAPTURE CHAINED TRACES

                                        ii. NOTE: The target folder must exist for NMCap to create the trace file

b. More information can be found:

                                         i. https://blogs.technet.com/netmon/archive/2006/10/24/nmcap-the-easy-way-to-automate-capturing.aspx

                                        ii. Or by running the command-line switch /examples

                                       iii. Or by running the command-line switch /?

6. Get the IP addresses of the client and the server

a. ipconfig /all on the client > client.txt

b. ipconfig /all on the server > server.txt

7. Reproduce the problem, please note the exact time the problem reproduces. Also, please note the exact error message.

8. Stop the trace by hitting Ctrl-c in the command-line window

Please note that Netmon3 does not run on Windows 2000. Also, step #6 is probably the single most important step (besides actually starting the trace). If you don’t know the timestamp of the error, it is extremely difficult to find the offending packets in the trace.

Happy captures!

 


Posted By: Evan Basalik

Comments

  • Anonymous
    May 09, 2015
    It is same like wireshark ?