Working With Network Monitor Brian M. Posey and David Davis (WindowsNetworking.com)


Although networks are certainly more reliable than they used to be, problems do sometimes occur. For example, the network might be running more slowly than it normally does, or one device on a network might be having trouble communicating with another device. In such situations, a protocol analyzer is often the troubleshooting tool of choice. In this article series, I will show you how to install and use a free protocol analyzer called Network Monitor.

Acquiring Network Monitor

Technically, Network Monitor isn't really free. It might as well be free though, because it is included with various Microsoft products, including Windows Server. There are actually two different versions of Network Monitor available: the basic version and the full version. The basic version of Network Monitor is included with Windows Server 2003, and the full version ships with SMS Server. Both versions will allow you to analyze network traffic, but there are some considerable differences between the two versions. The chart below illustrates these differences.

Feature                                            Basic Version                                            Full Version
Packet Capturing                                   Captures packets sent to and from the local host only    Captures traffic from across the entire network segment
Capture Remote Frames                              Not Supported                                            Supported
View Bandwidth Consumption by Protocol             Not Supported                                            Supported
View Bandwidth Consumption by User                 Not Supported                                            Supported
Modify and Retransmit Network Traffic              Not Supported                                            Supported
Differentiates Between Routers and Network Hosts   Not Supported                                            Supported
Resolve Device names into MAC Addresses            Not Supported                                            Supported

As you can see in the chart above, there are some fairly significant differences between the basic version and the full version of Network Monitor. By far the biggest difference is that the basic version is only capable of analyzing traffic sent to or from the computer that Network Monitor is being run on, while the full version can analyze all of the traffic flowing across the network segment.
At first this difference probably seems huge, and at one time it was, but the two versions are not as dissimilar as you might think. To see why this is the case, you need to understand the difference between hubs and switches.

When networked computers are connected to a hub, all of the computers exist in a common collision domain. This means that when a computer transmits a packet of data, every computer on the segment sees the packet. Each computer checks the packet's destination MAC address to see if it is the intended recipient and ignores the packet if not.

The problem with using hubs is that if two computers transmit packets simultaneously, then a collision occurs and the packets are destroyed and must be retransmitted. That being the case, hub-based networks can be terribly inefficient. As such, most modern networks are switch-based.

Revised July 22, 2009 Page 1 of 33

When a computer on a switch-based network transmits a packet, the switch itself looks at the recipient's MAC address, and then sends the packet directly to the recipient. This eliminates the need for every computer on the network to see the packet.

Using a switch instead of a hub improves efficiency and security, but it also limits what you can do with a protocol analyzer. As you will recall, I mentioned that the full version of Network Monitor can analyze all of the traffic on the network segment. The problem is that a switch creates a logical segment consisting only of the sender and the recipient. Therefore, on switch-based networks, the full version of Network Monitor is as limited as the basic version.

Even so, Network Monitor is still a great troubleshooting tool, and is also good for gaining a better understanding of your network. In order to use Network Monitor effectively, you just have to be sure to run it directly on the computers that you are trying to troubleshoot.

Installing the Basic Version

As I mentioned before, the basic version of Network Monitor is included with Windows Server. To install it, select the Add / Remove Programs option from the server's Control Panel. When you do, Windows will display the Add / Remove Programs dialog box. Click the Add / Remove Windows Components button, and after a brief delay, Windows will launch the Windows Components Wizard.

Scroll through the list of available components until you locate the Management and Monitoring Tools option. Select Management and Monitoring (don't select the check box), and click the Details button. Windows will now reveal a list of the various management and monitoring tools. Select the Network Monitor Tools check box and click OK. Now, click Next and follow the prompts to complete the installation process. Depending on how your server is configured, you may be asked to supply your Windows Server 2003 installation disk.
Installing the Full Version

Installing the full version of Network Monitor is equally easy. To do so, just insert your SMS Server 2003 installation CD and navigate through the CD's directory structure to \NETMON\I386. Now, just double click on the NETMONSETUP.EXE file to launch the installation wizard.

Click Next to bypass the wizard's Welcome screen, and the wizard will display the end user license agreement. After accepting the license agreement, click Next and the wizard will display the required disk space alongside the available disk space. After making sure that your computer has sufficient disk space, click Next and Network Monitor will be installed. Click Finish to complete the installation process.

The Network Monitor Agent

Network Monitor is designed primarily to monitor the network traffic flowing in and out of the machine that it is running on (although the full version does allow you to monitor an entire network segment). Sometimes you may need to perform a detailed analysis of the network traffic related to a computer other than the one that Network Monitor is running on. In these types of situations, you should install the Network Monitor Agent (also known as the Network Monitor driver) onto any machine that you want to monitor.

In case you are wondering, the Network Monitor driver is automatically installed when Network Monitor is installed. For machines that do not have Network Monitor installed, the Network Monitor driver must be installed manually. The Network Monitor driver is compatible with Windows XP and Windows Server 2003 (no word yet on Windows Vista).

To install the Network Monitor Driver on a machine that's running Windows XP, open the Control Panel and click on the Network and Internet Connections link, followed by the Network Connections link. Now, right click on the network connection that corresponds to the NIC that you want to monitor, and select the Properties command from the resulting shortcut menu.

When the connection's properties sheet appears, click the Install button, and you will be asked if you want to install a Client, Service, or Protocol. Choose the Protocol option and click the Add button. Finally, choose the Network Monitor Driver from the list of available protocols, and click OK. You may be prompted to provide your Windows installation disk.

The Network Monitor Interface

When you launch Network Monitor, the first thing that you will see is a message asking you to select the network interface on which you want to capture data. This is important, because if you neglect to select an interface, then Network Monitor will pick one for you, and it might not choose the interface that you would have chosen. Click OK, and you will be taken to a screen that is similar to the one that is shown in Figure A. Simply select the network interface that you want to use and click OK.

Figure A: You Must Select The Network Interface That You Want To Monitor

At this point, the Network Monitor will display the main capture screen, shown in Figure B. Before I show you how to use this screen, I just want to mention that Network Monitor only prompts you to select the network that you want to monitor the first time that you use it. If your computer only has one network adapter, then this will not be a problem. If your system is multihomed though, you will probably want to be able to monitor traffic across all of the network segments.

Figure B: This Is Network Monitor's Capture Screen

Unfortunately, you cannot monitor traffic across multiple segments simultaneously, but you can switch segments even though Network Monitor does not automatically prompt you for the segment that you want to monitor. To do so, simply select the Networks command from the Capture menu. Doing so will display a screen similar to the one shown in Figure A. The biggest difference between the two screens is that this screen also has a Remote option that you can use for remote packet capturing.

Having said that, let's take a look at the capture screen. As you can see in the figure, this screen is made up of four different panes. The pane in the upper left portion of the window is known as the graph pane. The graph pane graphically displays the current level of activity during the capture process. It contains graphs that display the overall percentage of network utilization, the number of frames captured per second, the number of bytes captured per second, and the number of broadcasts and multicasts per second. You might have noticed in the figure that there is a scroll bar associated with the graph pane. This scroll bar is deceptive because there are no graphs beyond the ones that are shown in the figure.

Just below the graph pane is the session statistics pane. The session statistics pane is designed to display a quick summary of the traffic that has been captured. This section displays things like the network addresses of the hosts involved in a conversation, and which host initiated the conversation.

The bottom section of the screen contains the session statistics pane. This pane displays capture summary information on a per host basis. The network address of each host is displayed along with the number of frames sent and received, bytes sent and received, and the number of directed frames, multicasts, and broadcasts sent.

The upper right section of the window contains the total statistics pane. As the name implies, this pane displays statistics related to all of the traffic that has been captured as a whole. This pane displays the same types of information as the other panes that I have mentioned. The difference is that the total statistics pane does not break the statistics down on a per host basis.

Capturing Network Traffic

Now that I have given you a quick orientation of the Network Monitor interface, it is time to capture some network traffic. If you look at Figure B, you will notice the toolbar just above the graph pane. This toolbar is used to control the capture process. The capture related buttons on the toolbar are as follows:

- Capture Data
- Pause the capture or resume a paused capture
- Stop the capture process
- Stop the capture and view the captured data
- View the captured data
- Help

To capture data using the Network Monitor, just click the Capture Data button. Network Monitor will begin capturing data and will not stop until you either pause or stop the capture. The data capture process looks something like what you see in Figure C.

Figure C: This Is What The Network Monitor Interface Looks Like While Data Is Being Captured

As you look at the figure, the first thing that you will probably notice is that it contains lots of statistics, but no real data. If you want to view the data that has been captured, you will have to click the View Data button on the toolbar. Upon doing so, you will see a screen similar to the one that is shown in Figure D.

Figure D: This Is What The Captured Data Looks Like

If you look closely at the captured data you will notice that what Network Monitor is really displaying is a summary of the individual frames that have been captured. This particular screen lists the frame number, the time that the frame was captured, the source and destination addresses, the protocols used, and things like that, but it does not actually show the data contained within the frame.

Fortunately, there is an easy way to view more detailed information. If you look at the toolbar, you will notice three buttons that consist of three rectangles each. These buttons allow you to toggle the summary pane, details pane, and hexadecimal pane. When all three panes are enabled, you can see a comprehensive view of the selected frame, as shown in Figure E.

Figure E: The Three Pane View Gives You Comprehensive Information Regarding The Currently Selected Frame

As you can see in the figure, the Details pane displays protocol information for the currently selected frame. When a frame contains multiple protocols, the outermost protocol is listed first. The hexadecimal pane displays the actual data that makes up the frame. Notice in the figure that a portion of the frame is selected in the Details pane. The selected portion is then highlighted in the Hexadecimal pane to help you isolate the data.

For the purposes of keeping things simple, let's perform a packet capture against a simple ping operation. To do so, log on to the server that you will be running Network Monitor on, and open a Command Prompt window. When the Command Prompt window opens, type the PING command followed by a space and the fully qualified domain name or the IP address of a computer on your network, but do not press Enter yet.

Now, open the Network Monitor and select the Start command from the Capture menu. Immediately switch over to the Command Prompt window and press Enter to execute the PING command. The command should return four results, as shown in Figure A. As soon as the command finishes executing, switch back to the Network Monitor screen and select the Stop command from the Capture menu. In doing so, you will have captured the packets associated with the PING command, but will likely have captured some unrelated traffic as well.

Figure A: The PING command should return four results

After you stop the capture process, click the Display Captured Data icon to view the data that you have captured. The actual amount of data that will be displayed as a part of the capture depends on how busy your network is and on how long the PING command takes to complete. On a lab network, you may only capture a few dozen frames, while you will almost certainly capture many more frames if you are capturing data from a production network. For example, when I tried this procedure while writing this article, I captured nearly six hundred frames over the course of about five seconds.

The point is that if you were using the Network Monitor to troubleshoot a network problem in the real world, you would almost certainly capture some irrelevant data. Knowing how to sift through this excess data is an essential skill because otherwise locating the data that you are actually interested in could be like looking for a needle in the proverbial haystack.

If you look at Figure B, you will notice that there were quite a few packets captured. Our job is to filter out the packets that are unrelated to the activity that we were trying to capture so that analyzing the captured packets will be easier.

Figure B: Network Monitor will often capture traffic that is unrelated to the activity that you are trying to analyze

To do so, click the Filter icon found on the toolbar. When you do, you will see a rather intimidating looking dialog box, as shown in Figure C. What this dialog box is telling you is that right now Network Monitor is showing you all of the captured data, regardless of protocol or IP address.

Figure C: The Display Filter Dialog Box Can Appear A Bit Intimidating

However, we performed a PING from one machine to another, and we know the IP addresses that were involved in the PING. Therefore, we can filter on those addresses. To do so, select the ANY <-> ANY line and click the Edit Expression button. You will now see a screen similar to the one that's shown in Figure D.

Figure D: The Expression Dialog Box Allows You To Select The Addresses Involved In The Conversation

This screen allows you to select the addresses of the two machines involved in the conversation. Normally, you would simply select the source and destination addresses, verify that the direction column was set to <-> and click OK.

In this particular case things are a bit more complex. You will notice in the figure that there are multiple IP addresses associated with the machine FUBAR. That's because this machine is a Web server and is hosting multiple sites, each with their own address. In a situation like this, you would select the machine's primary address unless you had a specific reason for using one of the other addresses.

The other thing that makes this screen a bit difficult is that the address of the destination machine is not displayed. You can fix this by clicking the Edit Addresses button. Doing so will display a list of all of the addresses from the previous list. Click the Add button and you will be given the chance to add an address to the list. Notice in Figure E that you must choose the type of address (IP or MAC) that you are adding. Click OK followed by Close, and the address will be added to the address filter.

Figure E: You can manually add an address to the list

Now select the IP addresses involved in the conversation that you are interested in and click OK twice. The list of captured frames is now filtered to display only traffic from the selected machines, as shown in Figure F.

Figure F: We Have Filtered The List Of Captured Data To Display Only The Frames That We Are Interested In

Since our capture only involved the PING command you shouldn't have any trouble locating the data that you are looking for. In the real world though, there is a chance that the data that you are trying to capture may not even exist within the capture. There are two primary conditions that can cause this to happen.

The first reason why your capture file may not contain the data that you are interested in is that most companies have made the move from hubs to switches. On a network in which hubs are used, every computer on the hub receives the exact same traffic. When a computer needs to communicate with another computer, it places a packet on the wire, and that packet travels to every computer that's attached to the hub. Each computer looks at the destination address found in the packet header to check to see if the packet is intended for that computer. If the destination address matches the computer's MAC address then the computer opens the packet and processes its contents. Otherwise the packet is ignored.

Things work differently if a switch is involved. When a computer sends a packet, the switch actually looks at the packet header to determine the packet's intended recipient. The switch then forwards the packet to the switch port that the recipient is attached to. Computers other than the sender and the recipient are completely oblivious to the conversation.

The reason why switches have begun replacing hubs is that switches are far more efficient (and more secure) than hubs. If a hub is in use and two computers attempt to transmit data at the same time, a collision occurs, destroying both packets in the process. The two computers each wait a random amount of time before retransmitting the data. The more computers that are attached to a network, the more collisions occur. Of course more collisions mean slower network performance. Therefore, dropping prices and the need for greater performance have driven many companies to make the move to switches.
Switches are particularly problematic when it comes to capturing data with Network Monitor. Because of the way that switches work, you will only be able to capture data sent to or from the computer that Network Monitor is running on.

Another condition that may lead to the desired packets not being captured is the use of virtual machines. If a single server is hosting multiple virtual machines, then the traffic flowing between those virtual machines will most likely not be captured because traffic between virtual machines hosted by a single server typically does not flow across the wire. It is possible to configure virtual machines so that traffic between them is placed on the network, but doing so is beyond the scope of this article.

In the previous part of this article series, I showed you how to filter a Network Monitor capture so that only the communications between the desired hosts are shown. Filtering out conversations with hosts that you have no interest in goes a long way toward getting rid of noise in the capture file, but there may still be a lot of clutter that you have to sort through in order to locate the information that you are interested in.

For example, in our sample capture we performed a ping against one of the other hosts on the network. A standard PING command typically produces twelve packets of data. If you look at Figure A you will see that even after filtering out conversations with other hosts, there are far more than twelve packets displayed.

Figure A: When You Typically Perform A Capture There Will Be A Lot Of Clutter To Cut Through

The scary part about this capture is that all of these packets were captured over a span of about five or six seconds. You can only imagine how many packets would be captured had the capture duration been longer, or had the hosts been busier, as would likely be the case in the real world.

Fortunately, there are a few other things that you can do to cut through the clutter. In this particular case, we are interested in seeing the packets that are related to a PING. Any time that you issue a PING command, Windows invokes the ICMP protocol. That being the case, we can filter the list so that only ICMP related packets are shown.

Remember that we have already filtered the list so that we are looking at the correct hosts. To further filter the list by protocol, click the Filter icon (the icon that looks like a funnel). When you do, you will see the Display Filter dialog box, shown in Figure B.

Figure B: The Display Filter Dialog Box Allows You To Filter By Host And By Protocol

To filter by protocol, select the Protocol==Any line, and click the Edit Expression button (this button will appear in place of the Change Operator button that is shown in the figure). Upon doing so, you will see a screen similar to the one that is shown in Figure C. As you can see in the figure, this window lists all of the protocols that Network Monitor is aware of, as well as a brief description of each protocol.

Figure C: The Expressions Dialog Box Lists Each Protocol That Network Monitor Is Aware Of

To create the filter, simply click the Disable All button. Doing so will move all of the protocols shown in the figure from the Enabled Protocols list to the Disabled Protocols list. Now, scroll through the Disabled Protocols list until you locate the ICMP protocol. Select the ICMP protocol and click the Enable button. After doing so, ICMP should be the only protocol that's listed on the Enabled Protocols list. Click OK twice, and the capture will be filtered to show you only the packets that you are interested in, as shown in Figure D.

Figure D: You Can Filter By Host And By Protocol Simultaneously

The technique that I just showed you works great if you know exactly which protocols you are interested in. Sometimes you might need to just get a general sense of what is going on in a conversation between two hosts, and may not know specifically which protocols will be involved in the conversation. Even in these types of situations there are techniques that you can use to cut through the clutter. The technique that I am about to show you is nowhere near as efficient as the one that you just saw, but I have used it in real life.

The idea behind this technique is to filter out the noise packets one at a time. Before I show you how this technique works, I just want to mention that the criteria for classifying a packet as noise will vary greatly from one situation to the next. The more thoroughly you want to investigate a capture file, the fewer packets you will want to filter out. On the other hand, if you just want to get a general idea of what is going on with a trace, then there will usually be quite a few packets that you can filter out.

As you have already seen, we used a computer named FUBAR to perform a PING against a server named TAZMANIA. Let's pretend that we know that these two computers are the machines that we are interested in analyzing, but let's also pretend that we do not know that ICMP is the protocol that is used by the PING command. If that were the case, then the first thing that we would do is to filter the list of captured packets so as to eliminate conversations with hosts other than the ones that we are interested in. To do so, we will use the exact same technique used in Part 3, and the results should look like what you see in Figure A.

When we knew that we were only interested in seeing ICMP packets, we used the filter to eliminate every packet except for ICMP. In this technique, we are going to do the opposite. Rather than eliminating every protocol except for the one that we are interested in, we are going to leave all of the protocols enabled initially, and then filter out individual protocols as we realize that we are not interested in them.

As you look at Figure A, one of the protocols that you will see used the most often is the TCP protocol. The TCP/IP protocol tends to fragment data. Often when you see a TCP packet, it is a fragment of something that is left over from another frame. If I am trying to get a general understanding of what is happening in a trace, the very first thing that I will usually do is to filter out the TCP packets.

It would seem that you should be able to click the filter icon to access the Display Filter dialog box, click the Protocol==Any line, click the Edit Expression button, select the TCP protocol, and click the Disable button. Unfortunately, a bug in the current version of Network Monitor keeps this from working the way that it should. As a workaround, I make a list of each protocol that was used in the capture. I then disable all of the protocols, but enable the protocols that were actually used by the capture.
From there I can disable protocols as I find that they are irrelevant to what I am doing. For example, if you compare Figure E to Figure A, you can see just how much I was able to shorten the trace by filtering out the TCP protocol.

Figure E: Filtering Out Protocols That Are Irrelevant To What You Are Looking For Can Greatly Decrease The Number Of Packets That You Have To Sort Through
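The two filtering approaches described above (keep only one protocol, or start with everything and disable noise), shown as an added Python example that is not part of the original article and is not Network Monitor's own filter logic. The capture is constructed inline; the IP and MAC addresses for FUBAR and TAZMANIA are invented, and matching on the innermost protocol of each frame is an assumption of this sketch.

```python
import struct
from ipaddress import IPv4Address

# Constructed addresses: the article names the hosts FUBAR and TAZMANIA but
# gives no addresses, so every IP and MAC below is invented for this example.
FUBAR, TAZMANIA, OTHER = "192.168.0.10", "192.168.0.20", "192.168.0.30"
MACS = {FUBAR: "00:11:22:33:44:10", TAZMANIA: "00:11:22:33:44:20",
        OTHER: "00:11:22:33:44:30"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
LDAP_PORT = 389


def ethernet(src_mac, dst_mac, ethertype, payload):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst_mac) + raw(src_mac) + struct.pack("!H", ethertype) + payload


def ipv4(src, dst, proto, payload):
    # 20-byte header without options; the checksum is left at 0 because the
    # dissector below does not verify it.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         128, proto, 0, IPv4Address(src).packed,
                         IPv4Address(dst).packed)
    return ethernet(MACS[src], MACS[dst], 0x0800, header + payload)


def tcp(sport, dport, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + data


def icmp(kind):  # kind 8 = echo request, 0 = echo reply
    return struct.pack("!BBHHH", kind, 0, 0, 1, 1) + b"abcdefgh"


# Constructed capture; the comment gives the 1-based frame number.
CAPTURE = [
    ethernet(MACS[FUBAR], "ff:ff:ff:ff:ff:ff", 0x0806, bytes(28)),  # 1 ARP broadcast
    ipv4(FUBAR, TAZMANIA, 1, icmp(8)),                              # 2 echo request
    ipv4(TAZMANIA, FUBAR, 1, icmp(0)),                              # 3 echo reply
    ipv4(FUBAR, TAZMANIA, 6, tcp(1055, LDAP_PORT, b"\x30\x00")),    # 4 LDAP over TCP
    ipv4(TAZMANIA, FUBAR, 6, tcp(LDAP_PORT, 1055)),                 # 5 TCP, no payload
    ipv4(OTHER, FUBAR, 17, struct.pack("!HHHH", 53, 1056, 8, 0)),   # 6 UDP, other host
    ipv4(OTHER, TAZMANIA, 1, icmp(8)),                              # 7 ICMP, other host
    b"\x00\x01\x02",                                                # 8 truncated frame
]


def dissect(frame):
    """Return the frame's layers, outermost first, plus its IP endpoints."""
    info = {"layers": ["FRAME"], "src": None, "dst": None}
    if len(frame) < 14:                      # too short for an Ethernet header
        return info
    info["layers"].append("ETHERNET")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:
        info["layers"].append("ARP")
        return info
    if ethertype != 0x0800 or len(frame) < 34:
        return info
    ip = frame[14:]
    header_len = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or header_len < 20 or len(ip) < header_len:
        return info
    info["layers"].append("IP")
    info["src"], info["dst"] = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    name = IP_PROTOCOLS.get(ip[9])
    if name:
        info["layers"].append(name)
    segment = ip[header_len:]
    if name == "TCP" and len(segment) >= 20:
        sport, dport = struct.unpack("!HH", segment[:4])
        data_offset = (segment[12] >> 4) * 4
        if LDAP_PORT in (sport, dport) and len(segment) > data_offset:
            info["layers"].append("LDAP")
    return info


def display_filter(capture, pair=None, enabled=None, disabled=()):
    """Return the 1-based numbers of the frames that pass the filter.

    pair     -- two IP addresses, matched in both directions (like <->)
    enabled  -- if given, only frames whose innermost protocol is listed pass
    disabled -- frames whose innermost protocol is listed are dropped
    """
    shown = []
    for number, frame in enumerate(capture, start=1):
        info = dissect(frame)
        if pair and {info["src"], info["dst"]} != set(pair):
            continue
        innermost = info["layers"][-1]
        if enabled is not None and innermost not in enabled:
            continue
        if innermost in disabled:
            continue
        shown.append(number)
    return shown


if __name__ == "__main__":
    hosts = (FUBAR, TAZMANIA)
    print("host pair only:      ", display_filter(CAPTURE, pair=hosts))
    print("host pair + ICMP:    ", display_filter(CAPTURE, pair=hosts, enabled={"ICMP"}))
    print("host pair, TCP off:  ", display_filter(CAPTURE, pair=hosts, disabled={"TCP"}))
```

Filtering on ICMP without the host pair also returns frame 7, which is why the article applies the address filter first.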

At the conclusion of the previous article, our filtered set of captured packets looked like what you see in Figure A. As I explained at the beginning of this series, I captured the data shown in the figure by starting the capture, executing a PING command, and stopping the capture. My purpose in doing so was to keep things as simple as possible. If you look at Figure A, you can actually see where the ICMP packets were transmitted, and where replies were received.

Figure A: It Is Usually Useful To Filter Out Unimportant Packets

If this were a real life capture, there usually wouldn't be any need to delve any deeper into the data, because you can tell exactly what is going on just by looking at the Description column. In the real world though, things are rarely this simple. Determining exactly what is going on within a trace often requires looking inside of the individual packets.

There really isn't anything particularly meaningful that I can show you inside of an ICMP packet. That being the case, let's take a look at some of the LDAP packets that were captured. As you probably know, LDAP stands for Lightweight Directory Access Protocol. LDAP is the protocol used to read information from and write information to the Active Directory.

There are two reasons why I want to show you how to analyze an LDAP packet. First, in real world traces of Windows networks, LDAP packets are very common. Being that LDAP packets are so common, you may find yourself needing to decipher their meaning. The second reason why I want to show you how to look inside of an LDAP packet is that LDAP packets contain human readable data. This will make it easier for you to understand what the packet is actually doing. The techniques that I am about to show you can be used to look inside of any packet; it's just that not every packet will be meaningful unless you happen to be a protocol expert.

Looking Inside of a Packet

Let's begin by looking inside frame number 284. The description simply says that this frame is a search request. The fact that a machine is issuing an LDAP search request doesn't really tell you a lot. The only way to tell what the search request consists of is to look inside of the packet.

Before you open the packet, click the icons to toggle the details pane and the hex pane on. Once all three panes are displayed, select the packet that you want to look at. When you do, you will see a screen similar to the one that's shown in Figure B.

Figure B: This Is What A Packet Looks Like

The first thing that I want to show you is the details pane. If you look at this pane, you will notice that there are several different expandable containers (Frame, Ethernet, IP, TCP, and LDAP). The reason for the various containers is that packets are typically hierarchical in nature. The packet that we are looking at is an LDAP packet, but computers don't natively speak LDAP. LDAP is actually based on the TCP protocol. TCP in turn is a subpart of the IP protocol. Each container in the details pane represents an individual layer of encapsulation.

If you look at the hex pane, you will see a hexadecimal representation of the individual bytes that make up the packet. Notice that each byte is highlighted in black. The reason for this is that the bytes highlighted in black correspond to the part of the packet that is selected in the details pane. In this particular case, the FRAME container is selected. This container represents the entire frame, which is why the entire frame is highlighted in black. If I were to select the LDAP container, then only the bytes corresponding to the LDAP data would be highlighted in black, as shown in Figure C.

Figure C: The Hex Pane Highlights The Currently Selected Portion Of The Packet

You have probably noticed that each container is expandable. By clicking the plus sign next to a container, you can drill down further and further into the packet. It is often possible to see exactly what the packet does by looking further inside the frame.

If you look closely at Figure C, you can pick out some readable words from within the ASCII representation of the hexadecimal data that is selected. However, this readable data tends to be rather difficult to read. Words start on one line and end on the next, and are often separated by cryptic symbols. The black highlighting also tends to make this section difficult to read, because of the strain that the contrast places on your eyes.

A better way of looking inside of the packet is to expand the LDAP portion of the packet from within the Detail pane. Expanding the LDAP container reveals that this particular packet is an LDAP search request, as shown in Figure D. This means that the packet was sent in an effort to query the Active Directory.

Figure D: Expanding The LDAP Portion Of The Packet Reveals That The Packet Is An LDAP Search Request

OK, so now we know what the packet's purpose is, but we still don't know what the packet is really doing. An LDAP request is an attempt to retrieve information from the Active Directory, but what information is it trying to retrieve? If you expand the LDAP: ProtocolOp = SearchRequest container, you can see that one of the sub-containers is labeled Attribute Description List, as shown in Figure E. If you look at the figure, you will notice that Attribute Description List corresponds to the more legible portion of data that is displayed in the hex pane.

Figure E: LDAP Search Requests Are Always Accompanied By An Attribute Description List

You will also notice in the figure that the Attribute Description List container is expandable. If you expand this container, you can see that Network Monitor displays exactly which LDAP attributes the frame is requesting data for, as shown in Figure F.

Figure F: Network Monitor displays a list of the attributes for which the LDAP query is attempting to retrieve data
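Expanding the SearchRequest container amounts to decoding LDAP's BER tag-length-value encoding. The Python below is an added example, not part of the article or of Network Monitor: it decodes a constructed SearchRequest and returns the base DN and the requested attribute list, which is the information an analyst reads from the Attribute Description List. The base DN is the one this article shows in a later LDAP capture; the attribute names, filter and message ID are made up.

```python
SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}


def encode_length(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(value)) + value


def read_tlv(buf: bytes, pos: int):
    """Decode one element at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F                       # number of length octets
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:end], end


def build_search_request(base: str, attributes: list, message_id: int = 1) -> bytes:
    """Constructed sample: subtree search with the filter (objectClass=*)."""
    fields = (tlv(0x04, base.encode())         # baseObject
              + tlv(0x0A, b"\x02")             # scope: wholeSubtree
              + tlv(0x0A, b"\x00")             # derefAliases: never
              + tlv(0x02, b"\x00")             # sizeLimit: none
              + tlv(0x02, b"\x00")             # timeLimit: none
              + tlv(0x01, b"\x00")             # typesOnly: FALSE
              + tlv(0x87, b"objectClass")      # filter: presence test
              + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attributes)))
    msg_id = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, msg_id) + tlv(0x63, fields))


def parse_search_request(message: bytes) -> dict:
    """Return message ID, base DN, scope and attribute list of a SearchRequest."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, raw_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x63:                         # [APPLICATION 3], constructed
        raise ValueError(f"protocolOp tag 0x{op_tag:02X} is not a SearchRequest")
    fields, pos = [], 0
    while pos < len(op):
        tag, value, pos = read_tlv(op, pos)
        fields.append((tag, value))
    if len(fields) != 8 or fields[0][0] != 0x04 or fields[7][0] != 0x30:
        raise ValueError("malformed SearchRequest")
    attributes, pos, attr_list = [], 0, fields[7][1]
    while pos < len(attr_list):                # SEQUENCE OF OCTET STRING
        tag, value, pos = read_tlv(attr_list, pos)
        attributes.append(value.decode("utf-8"))
    return {
        "message_id": int.from_bytes(raw_id, "big", signed=True),
        "base": fields[0][1].decode("utf-8"),
        "scope": SCOPES.get(int.from_bytes(fields[1][1], "big"), "unknown"),
        "attributes": attributes,
    }


if __name__ == "__main__":
    sample = build_search_request("CN=Configuration,DC=production,DC=com",
                                  ["objectClass", "cn", "distinguishedName"], 5)
    print(sample.hex())
    print(parse_search_request(sample))
```

The decoder rejects any message whose protocolOp is not a SearchRequest and any element whose declared length runs past the captured bytes, so a truncated capture raises an error instead of returning a partial attribute list.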

Analyzing Traffic With Network Monitor

As an administrator, it's important for you to keep tabs on the traffic that's flowing across your network. I'm not saying that you need to be intimately familiar with every single packet that's sent or received, but you need to know what types of protocols are flowing across your network. Monitoring the network allows you to have a better understanding of how bandwidth is being used. It also allows you to find out if users are running file sharing programs, or if some kind of evil Trojan is silently transmitting information in the background.

What you might not realize is that Microsoft has given you a tool that you can use for monitoring network traffic. Appropriately, the tool is called Network Monitor. In this article, I will introduce you to this tool and show you how to use it.

There are actually two different versions of Network Monitor that ship with Microsoft products. The version that comes with Windows Server 2003 is the watered-down version. It is very similar to the full version, except that it only allows you to analyze traffic sent to or from the server that Network Monitor is running on.

The full version of Network Monitor is included with SMS Server. It allows you to monitor any machine on your network and to determine which users are consuming the most bandwidth. You can also use the SMS version of Network Monitor to determine which protocols are using the most bandwidth on the network, locate network routers, and resolve device names into MAC addresses.

Another feature that is left out of the Windows version of Network Monitor is the ability to capture, edit, and retransmit a packet. This functionality is used by hackers when performing a replay attack. The idea behind a replay attack is that a hacker can capture some sensitive piece of information, such as an authentication packet. Later, if the hacker wants to log on as someone else, they can edit the packet to change the source address and then retransmit it. The actual process is a little more complicated than that, but not much.

Installing Network Monitor

As you may have already figured out, the Windows Setup program doesn't install Network Monitor by default. To install the Windows version of Network Monitor, open the Control Panel and select the Add / Remove Programs option. Next, click the Add / Remove Windows Components button to launch the Windows Components wizard. Scroll through the list of components until you locate the Management and Monitoring Tools option. Select the Management and Monitoring Tools option and click the Details button. Select the Network Monitor Tools option and click Next. Windows will now begin the installation process. You may be prompted to insert your Windows installation CD. Click Finish to complete the installation process.

Running Network Monitor

After the installation process completes, you can launch Network Monitor by selecting the Network Monitor command found on the Windows Administrative Tools menu. When Network Monitor initially loads, you will see a dialog box asking you to select a network that you can capture data from. Click OK and you will see the Select a Network dialog box. Simply expand the My Computer container and then select the network adapter that you want to monitor. Click OK to continue.

At this point, you will see the main Network Monitor screen, shown in Figure A. Right now, Network Monitor isn't capturing any data. It's up to you to initiate the data capture process. Before you do though, you might want to set up a capture filter.

Figure A: This Is The Main Network Monitor Screen

Filtering is important because there is a tremendous amount of traffic that flows into and out of most servers. You can easily capture so much traffic that analyzing it becomes next to impossible. To help cut down on the amount of traffic that you must analyze, Network Monitor allows you to use filters. There are two different types of filters that you can use: capture filters and display filters.

Capture filters allow you to specify which types of packets will be captured for analysis. For example, you may decide that you only want to capture HTTP packets. The main advantage to implementing a capture filter is that by filtering packets during the capture, you will use a lot less hard disk space than you would if you captured every packet.

Display filtering works similarly to capture filtering except that all network traffic is captured. You filter the data that you want to analyze at the time of analysis rather than at the time of capture. Display filtering uses a lot more hard disk space than capture filtering, but you will have the full dataset on hand just in case you decide to analyze something other than what you originally intended.

Capturing Data

If you have decided that you want to filter the data being captured, select the Filter option from the Capture menu, and configure your filter. Otherwise, you can start the capture process by selecting the Start command found on the Capture menu. You can see what the capture process looks like in Figure B. When you have captured the data that you want, select the Stop command from the Capture menu.

Figure B: This Is What The Capture Process Looks Like

Analyzing the Data

To analyze the captured data, select the Display Captured Data command from the Capture menu. When you do, you will see the screen shown in Figure C.

Figure C: This Is A Summary Of The Captured Data

The screen shown in Figure C shows a summary of all of the captured packets in the sequence that those packets were captured. The data that you are looking at is unfiltered. You could set up a display filter at this point by selecting the Filter option from the Display menu. Once you have located a packet that you are interested in, double click on the packet to see it in greater detail. When you do, you will see the screen that's shown in Figure D.

Figure D: This Is The Screen That You Will Use To Analyze A Packet

As you can see in the figure, the packet screen is divided into three sections. The top section is simply a condensed view of the summary screen. You can use this section to select a different packet to analyze without having to go back to the main summary screen.

The second section contains the packet's contents in a decoded, tree format. For example, in the screen capture, you can see that the top portion of the tree says FRAME: Base Frame Properties. If you expand this portion of the tree, you can see the date and time that the frame was captured, the frame number, and the frame length.

The third section contains the raw data that makes up the frame. In this section, the column to the far left shows the base address of the bytes on that line in hexadecimal format. The middle section shows the actual hexadecimal data that makes up the frame. The hexadecimal code is positions wide. To determine the address of any of the hex characters, start with the base address for that line, and then count the position of the character that you are interested in. For example, if the base address is , and the character that you are interested in is in the twelfth position, then the character's address would be B.

The column to the far right contains a reprint of the data in decimal notation. This is probably the most useful part of the screen because anything that has been transmitted in clear text is clearly readable in this column. For example, if an were transmitted in an unencrypted format and the transmission were captured, you could read the contents of the message in this location (assuming that you could locate the correct packet). If you look closely at Figure D, you will notice that this is an LDAP packet that I have captured. The decimal portion of the packet clearly shows a call to the Active Directory (CN=Configuration,DC=production,DC=com).

Network Monitor 3.3: the Essentials

Here are 5 essential questions and answers about Network Monitor:

1. What is Network Monitor?

According to Microsoft's official definition, Network Monitor is: "A tool used for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data." In other words, Network Monitor is a protocol analyzer or a packet sniffer.

2. What can Network Monitor do for me?

All that sounds great, but what can it really DO FOR YOU? Protocol analyzers, like Network Monitor, can answer:

- What is REALLY going on in your network
- What device or what type of traffic is causing slowness
- Why an application is failing

In general, it will give you insight into your network like no other solution can!

3. How much does Network Monitor cost?

Unlike many other protocol analyzers that can cost hundreds or thousands of dollars, Microsoft's Network Monitor is free (thanks Microsoft!).

4. Where do I obtain Network Monitor?

You can download the latest version (3.3) of Network Monitor from the Microsoft Download Center Network Monitor 3.3 webpage.

5. What operating systems is netmon compatible with?

One of the new features of Network Monitor 3.3 is that it is compatible with Windows 7. However, it is also compatible with Windows Server 2003, Windows Server 2003 Itanium-based editions, Windows Server 2008, Windows Vista (32 and 64 bit), and Windows XP (32 and 64 bit).

6. What's new in Network Monitor version 3.3?

Now let's look at the new features in Network Monitor 3.3:

- Frame Comments: as you analyze the network frames that netmon sees, you can attach comments to those frames for future reference and documentation.

Figure 1: Adding a Frame Comment

- Netmon API: There is now an API that programmers can use to put information into or pull information out of Network Monitor.
- Autoscroll: Allows you to see the most recent packets in a live capture as they come in. You can click Autoscroll to enable this or to freeze traffic.

Figure 2: Autoscroll in Action

- Right-Click Add-to-Alias: Gives you the option to quickly add aliases, compared to having to manually go to the alias tab and add a new alias by entering the IP address.
- Tunnel Capture Support: Allows you to capture traffic over tunnel adapters in Windows Vista SP2, Windows Server 2008, and Windows 7.
- WWAN Capture Support: Captures traffic over mobile broadband data cards on Win7.
- Experts to analyze your network captures: Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for experts, from an open capture file, click Experts on the main menu, and select Download Experts. (Read more about Experts below when I show you how to use these step by step.)
- Right-Click Go-to-Definition: Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.

To me, the biggest new features are Windows 7 support, Autoscroll, and Experts. Speaking of Experts, let me show you how to use them.

What are Network Monitor 3.3 Experts and how do you use them?

The Experts feature of netmon 3.3 is a major feature. I have seen this feature before in packet analyzers that cost thousands of dollars, so it is nice to gain this ability now in Microsoft's free packet analyzer. Essentially, Experts act as 1) more advanced and knowledgeable network admins who can analyze your data for you and 2) assistants who can crunch data for you. In other words, Experts are going to save you time and give you the answers that you might otherwise not have been able to achieve.

There are no Experts included with netmon 3.3, so you need to download these tools from the Internet (at no cost).

Something else of note related to Experts: to use Experts, you must first save your capture files, and then reopen them. Experts are not going to work on live data.
Once you take a capture, close it, and reopen it, you will have access to Experts. You can access Experts in two ways:

- Right-click on a frame and go to the Expert menu.
- Go to the Experts menu from the top menu drop-down.

Figure 3: How To Apply An Expert To A Particular Frame

Figure 4: Access The Expert Drop-Down From The Top Menu

The Expert shown (Top Users by Conversation) was one that I downloaded and installed. Experts are tiny programs that you install, just like any other application. In fact, here are the partial results of the Top Users by Conversation Expert that I downloaded and installed:

Figure 5: Results of Top Conversations by User

These results can be sorted by clicking on the headers. If you install the recommended add-ins, you can graph the response as well. Currently, the Network Monitor Team has published 2 Experts for download and more are on the way. Here are the two that are currently offered:

Figure 6: Available Experts From Network Monitor Team

If you do not see the Expert you are looking for, you can download the SDK and write an Expert of your own!


ProSafe Plus Switch Utility

ProSafe Plus Switch Utility ProSafe Plus Switch Utility User Guide 350 East Plumeria Drive San Jose, CA 95134 USA September 2010 202-10524-03 v1.0 ProSafe Plus Switch Utility User Guide 2010 NETGEAR, Inc. All rights reserved. No

More information

Hosting Users Guide 2011

Hosting Users Guide 2011 Hosting Users Guide 2011 eofficemgr technology support for small business Celebrating a decade of providing innovative cloud computing services to small business. Table of Contents Overview... 3 Configure

More information

Pro Bundle Evaluator s Guide. 2015 Software Pursuits, Inc.

Pro Bundle Evaluator s Guide. 2015 Software Pursuits, Inc. Pro Bundle Evaluator s Guide 2015 Table of Contents Introduction... 2 System Requirements... 2 Contact Information... 3 About the Communications Agent Add-On... 3 Other SureSync Add-Ons... 4 File Locking

More information

Fundamentals of UNIX Lab 16.2.6 Networking Commands (Estimated time: 45 min.)

Fundamentals of UNIX Lab 16.2.6 Networking Commands (Estimated time: 45 min.) Fundamentals of UNIX Lab 16.2.6 Networking Commands (Estimated time: 45 min.) Objectives: Develop an understanding of UNIX and TCP/IP networking commands Ping another TCP/IP host Use traceroute to check

More information

Email client configuration guide. Business Email

Email client configuration guide. Business Email Email client configuration guide Business Email August 2013 Contents 1. Mac Email Clients 1.1 Downloading Microsoft Outlook (Professional Plan Users) 1.2 Configuring Microsoft Outlook (Full Exchange Server

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (wmpmsp_mngnwi-121) You are an administrator for an organization that provides Internet connectivity to users from the corporate network. Several users complain that they cannot

More information

Apple Mac VPN Service Setting up Remote Desktop

Apple Mac VPN Service Setting up Remote Desktop Apple Mac VPN Service Setting up Remote Desktop After you have successfully connected via the VPN client to the University network you will then need to make the connection to your machine. To do this

More information

Install MS SQL Server 2012 Express Edition

Install MS SQL Server 2012 Express Edition Install MS SQL Server 2012 Express Edition Sohodox now works with SQL Server Express Edition. Earlier versions of Sohodox created and used a MS Access based database for storing indexing data and other

More information

VPN Access to the NTEN Network

VPN Access to the NTEN Network VPN Access to the NTEN Network 2004 Networking and Telecommunications Engineering By: Leif Thordarson Virtual Private Network Documentation Page ii TABLE OF CONTENTS List of Illustrations and Tables...

More information

InventoryControl for use with QuoteWerks Quick Start Guide

InventoryControl for use with QuoteWerks Quick Start Guide InventoryControl for use with QuoteWerks Quick Start Guide Copyright 2013 Wasp Barcode Technologies 1400 10 th St. Plano, TX 75074 All Rights Reserved STATEMENTS IN THIS DOCUMENT REGARDING THIRD PARTY

More information

Ethereal: Getting Started

Ethereal: Getting Started Ethereal: Getting Started Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Tell me and I forget. Show me

More information

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Note: I have only tested these procedures on Server 2003 SP1 (DC) and XP SPII client, in a controlled lab environment,

More information

Business Objects Version 5 : Introduction

Business Objects Version 5 : Introduction Business Objects Version 5 : Introduction Page 1 TABLE OF CONTENTS Introduction About Business Objects Changing Your Password Retrieving Pre-Defined Reports Formatting Your Report Using the Slice and Dice

More information

EKT 332/4 COMPUTER NETWORK

EKT 332/4 COMPUTER NETWORK UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

More information

Finding and Opening Documents

Finding and Opening Documents In this chapter Learn how to get around in the Open File dialog box. See how to navigate through drives and folders and display the files in other folders. Learn how to search for a file when you can t

More information

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows 2000, Windows Server 2003 5.0 11293743 Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Copyright

More information

Setup and Configuration Guide for Pathways Mobile Estimating

Setup and Configuration Guide for Pathways Mobile Estimating Setup and Configuration Guide for Pathways Mobile Estimating Setup and Configuration Guide for Pathways Mobile Estimating Copyright 2008 by CCC Information Services Inc. All rights reserved. No part of

More information

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol... Page 1 of 16 Security How to Configure Windows Firewall in a Small Business Environment using Group Policy Introduction This document explains how to configure the features of Windows Firewall on computers

More information

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide This document is intended to help you get started using WebSpy Vantage Ultimate and the Web Module. For more detailed information, please see

More information

Configuring Windows Server Clusters

Configuring Windows Server Clusters Configuring Windows Server Clusters In Enterprise network, group of servers are often used to provide a common set of services. For example, Different physical computers can be used to answer request directed

More information

Iridium Extreme TM Satellite Phone. Data Services Manual

Iridium Extreme TM Satellite Phone. Data Services Manual Iridium Extreme TM Satellite Phone Data Services Manual Table of Contents 1 OVERVIEW... 1 2 HOW IT WORKS... 1 3 BEFORE INSTALLING... 2 4 USB DRIVER INSTALLATION... 3 5 MODEM INSTALLATION AND CONFIGURATION...

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

Installation Instruction STATISTICA Enterprise Server

Installation Instruction STATISTICA Enterprise Server Installation Instruction STATISTICA Enterprise Server Notes: ❶ The installation of STATISTICA Enterprise Server entails two parts: a) a server installation, and b) workstation installations on each of

More information

What communication protocols are used to discover Tesira servers on a network?

What communication protocols are used to discover Tesira servers on a network? Understanding device discovery methods in Tesira OBJECTIVES In this application note, basic networking concepts will be summarized to better understand how Tesira servers are discovered over networks.

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab CET442L Lab #2 IP Configuration and Network Traffic Analysis Lab Goals: In this lab you will plan and implement the IP configuration for the Windows server computers on your group s network. You will use

More information

Imaging Computing Server User Guide

Imaging Computing Server User Guide Imaging Computing Server User Guide PerkinElmer, Viscount Centre II, University of Warwick Science Park, Millburn Hill Road, Coventry, CV4 7HS T +44 (0) 24 7669 2229 F +44 (0) 24 7669 0091 E cellularimaging@perkinelmer.com

More information

Setting up your laptop to print to the student lounge printer

Setting up your laptop to print to the student lounge printer Setting up your laptop to print to the student lounge printer Click on the system you are using: 1) MacOS X 10.2 2) MacOS X 10.3/10.4 3) Windows 2000/XP 4) Windows 7/Vista 1) MacOS X 10.2 In order to print

More information

Software Installation Requirements

Software Installation Requirements Software Installation Guide PrintIQ TM Software Installation Requirements Please use the following guide to ensure that you're meeting all requirements prior to installing the PrintIQ TM Xerox Device Agent

More information

Senior Systems Cloud Services

Senior Systems Cloud Services Senior Systems Cloud Services In this guide... Senior Systems Cloud Services 1 Cloud Services User Guide 2 Working In Your Cloud Environment 3 Cloud Profile Management Tool 6 How To Save Files 8 How To

More information

Introduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console

Introduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console Contents Introduction... 3 What is a Remote Console?... 3 What is the Server Service?... 3 A Remote Control Enabled (RCE) Console... 3 Differences Between the Server Service and an RCE Console... 4 Configuring

More information

Quick Start Guide for Parallels Virtuozzo

Quick Start Guide for Parallels Virtuozzo PROPALMS VDI Version 2.1 Quick Start Guide for Parallels Virtuozzo Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the current

More information

Deploying the BIG-IP LTM system and Microsoft Windows Server 2003 Terminal Services

Deploying the BIG-IP LTM system and Microsoft Windows Server 2003 Terminal Services Deployment Guide Deploying the BIG-IP System with Microsoft Windows Server 2003 Terminal Services Deploying the BIG-IP LTM system and Microsoft Windows Server 2003 Terminal Services Welcome to the BIG-IP

More information

Outlook XP Email Only

Outlook XP Email Only Outlook XP Email Only Table of Contents OUTLOOK XP EMAIL 5 HOW EMAIL WORKS: 5 POP AND SMTP: 5 TO SET UP THE POP AND SMTP ADDRESSES: 6 TO SET THE DELIVERY PROPERTY: 8 STARTING OUTLOOK: 10 THE OUTLOOK BAR:

More information

EXCEL PIVOT TABLE David Geffen School of Medicine, UCLA Dean s Office Oct 2002

EXCEL PIVOT TABLE David Geffen School of Medicine, UCLA Dean s Office Oct 2002 EXCEL PIVOT TABLE David Geffen School of Medicine, UCLA Dean s Office Oct 2002 Table of Contents Part I Creating a Pivot Table Excel Database......3 What is a Pivot Table...... 3 Creating Pivot Tables

More information

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices.

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices. Xerox Multifunction Devices Customer Tips January 15, 2004 This document applies to these Xerox products: Network Packet Analyzer Tips Purpose This document contains a procedure that Xerox customers can

More information

GEVPlayer. Quick Start Guide

GEVPlayer. Quick Start Guide GEVPlayer Quick Start Guide High-performance imaging data and video over Ethernet. Version 2.0 These products are not intended for use in life support appliances, devices, or systems where malfunction

More information

vtcommander Installing and Starting vtcommander

vtcommander Installing and Starting vtcommander vtcommander vtcommander provides a local graphical user interface (GUI) to manage Hyper-V R2 server. It supports Hyper-V technology on full and core installations of Windows Server 2008 R2 as well as on

More information

13 Managing Devices. Your computer is an assembly of many components from different manufacturers. LESSON OBJECTIVES

13 Managing Devices. Your computer is an assembly of many components from different manufacturers. LESSON OBJECTIVES LESSON 13 Managing Devices OBJECTIVES After completing this lesson, you will be able to: 1. Open System Properties. 2. Use Device Manager. 3. Understand hardware profiles. 4. Set performance options. Estimated

More information

Tharo Systems, Inc. 2866 Nationwide Parkway P.O. Box 798 Brunswick, OH 44212 USA Tel: 330.273.4408 Fax: 330.225.0099

Tharo Systems, Inc. 2866 Nationwide Parkway P.O. Box 798 Brunswick, OH 44212 USA Tel: 330.273.4408 Fax: 330.225.0099 Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,

More information

Installing LearningBay Enterprise Part 2

Installing LearningBay Enterprise Part 2 Installing LearningBay Enterprise Part 2 Support Document Copyright 2012 Axiom. All Rights Reserved. Page 1 Please note that this document is one of three that details the process for installing LearningBay

More information

VMware/Hyper-V Backup Plug-in User Guide

VMware/Hyper-V Backup Plug-in User Guide VMware/Hyper-V Backup Plug-in User Guide COPYRIGHT No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying,

More information

NETWORK PRINT MONITOR User Guide

NETWORK PRINT MONITOR User Guide NETWORK PRINT MONITOR User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable

More information