Microsoft Network Monitor

Microsoft Network Monitor is a deprecated packet analyzer. It enables capturing, viewing, and analyzing network data and deciphering network protocols. It can be used to troubleshoot network problems and applications on the network. Microsoft Network Monitor 1.0 (codenamed "Bloodhound") was originally designed and developed by Raymond Patch, a transport protocol and network adapter device driver engineer on the Microsoft LAN Manager development team. Network Monitor was replaced by Microsoft Message Analyzer (MMA was discontinued in 2019).


History

The LAN Manager development team had one shared hardware-based analyzer at the time. Netmon was conceived when the hardware analyzer was taken during a test to reproduce a networking bug, and the first Windows prototype was coded over the Christmas holiday. The first 4 bytes of the Netmon capture file format were used to validate the file. The values were 'RTSS' for Ray, Tom, Steve, and Steve, the first four members of the team. The code was originally written for OS/2 and had no user interface; a symbol was placed in the device driver where the packet buffers were kept so received data could be dumped in hex from within the kernel debugger.

Netmon caused a bit of a stir for Microsoft IT since networks and e-mail were not encrypted at the time. Only a few software engineers had access to hardware analyzers due to their cost, but with Netmon many engineers around the company had access to network traffic for free. At the request of Microsoft IT, two simple identification features were added: a non-cryptographic password and an identification protocol named the Bloodhound-Oriented Network Entity (BONE) (created and named by Raymond Patch as a play on the codename "Bloodhound").

Network Monitor 3 is a complete overhaul of the earlier Network Monitor 2.x version. Originally, versions of Network Monitor were only available through other Microsoft products, such as Systems Management Server (SMS). The fully featured product with public parsers is now available as a free download.

Microsoft Network Monitor was superseded by Microsoft Message Analyzer. Microsoft Message Analyzer was retired in 2019.
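An added example, not from the original article or from Microsoft: a triage function that validates a capture file by its leading bytes, as the 'RTSS' check described above does, and extends it to the libpcap files Network Monitor can also read. The 'GMBU', libpcap and pcapng signatures and the libpcap header layout are assumptions taken from public format documentation, not from this page; the sample headers are constructed.

```python
import struct

# 'RTSS' is the Netmon value given in the text. The other signatures are
# assumptions added for this example (public format documentation).
NETMON_MAGICS = {b"RTSS": "netmon-1.x", b"GMBU": "netmon-2.x"}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"
PCAP_MAGICS = {  # on-disk bytes -> (struct byte order, timestamp resolution)
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first bytes, ignoring the extension."""
    if len(header) < 4:
        return {"format": "unknown", "reason": "shorter than 4 bytes"}
    magic = header[:4]
    if magic in NETMON_MAGICS:
        return {"format": NETMON_MAGICS[magic]}
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if magic in PCAP_MAGICS:
        order, resolution = PCAP_MAGICS[magic]
        if len(header) < 24:  # libpcap global header is 24 bytes
            return {"format": "libpcap", "reason": "truncated global header"}
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            order + "HHiIII", header[4:24])
        return {"format": "libpcap", "version": f"{major}.{minor}",
                "byte_order": "little" if order == "<" else "big",
                "resolution": resolution, "snaplen": snaplen,
                "linktype": linktype}
    return {"format": "unknown", "reason": "unrecognised magic " + magic.hex()}

# Constructed sample headers (not real captures).
SAMPLE_NETMON = b"RTSS" + bytes(12)
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_ZIP_RENAMED = b"PK\x03\x04" + bytes(20)  # e.g. an archive named x.cap

if __name__ == "__main__":
    for name, data in [("netmon", SAMPLE_NETMON), ("pcap", SAMPLE_PCAP),
                       ("renamed zip", SAMPLE_ZIP_RENAMED)]:
        print(name, identify_capture(data))
```

To check a file on disk, pass `open(path, "rb").read(24)` to `identify_capture`.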


Features

Some key features of Network Monitor 3.4 include the following:

* Process tracking
* Grouping by network conversation
* Support for over 300 public and Microsoft proprietary protocols
* Simultaneous capture sessions
* Wireless Monitor Mode with supported wireless NICs
* Real-time capture and display of frames
* Reassembly of fragmented data
* Sniffing of promiscuous mode traffic
* Can read libpcap capture files
* API to access capture and parsing engine



External links

* Microsoft Network Monitor:
** Download 3.4 (archive)
** (Download) Windows and SQL Server Network Monitor Parsers
** Blog
** Forum Support for 3
** Experts at CodePlex
** Open Source Parsers at CodePlex
* Microsoft Message Analyzer:
** Download 1.1
** Blog
*** Long, Paul E (Sep 17, 2012). "Meet the successor to Microsoft Network Monitor!". Blog. http://blogs.technet.com/b/messageanalyzer/archive/2012/09/17/meet-the-successor-to-microsoft-network-monitor.aspx
** Forum Support for 1.1
** Message Analyzer (Network Monitor's successor) on Microsoft Connect
* Windows Protocol Test Suites 1.0 on GitHub