Watching the Network Traffic Flow - Page 2

 By Drew Bird

Why Install Network Monitor?
While the Performance Console is a good tool for monitoring how much network traffic is being handled by a server, on some occasions you might need to take your monitoring activities one step further and determine where network traffic is being sent to and from. In this case, unless you want to invest in a third-party product, you will need to install the Network Monitor utility provided with Windows Server 2003. The Network Monitor utility is not loaded by default, but is easy to install through the Control Panel, Add/Remove Programs, Add/Remove Windows Components. Network Monitor is part of the Management and Monitoring Tools group of programs, and can be installed as part of the group or individually.

The version of Network Monitor provided with Windows Server 2003 is a stripped-down version of the tool provided with Microsoft Systems Management Server (SMS). The main difference between the two is that the Windows Server 2003 version of Network Monitor does not allow you to view any network traffic other than that sent or received by the system on which it is running. There are also other, minor differences, like the inability to edit and retransmit traffic. The more advanced SMS version also allows you to determine which user or protocol is occupying the most network bandwidth.

Even with these limitations, though, the Network Monitor utility still provides enough features to perform basic network traffic and packet analysis. For example, you can see what IP addresses or MAC addresses are responsible for creating network traffic. This kind of information can be particularly useful if you suspect that a certain user is hogging bandwidth, or less nefariously, using a system with a faulty network card. You can also perform functions such as determining what the levels of DHCP traffic are on the network. Again, this can be useful in determining server placement and other network planning activities.
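The two analyses this paragraph mentions, traffic per source address and the level of DHCP traffic, can be sketched as follows. This is an added example, not part of the original article and not Network Monitor's own code; it assumes you already have raw Ethernet frames as byte strings, and the frames, addresses and helper names below are constructed for illustration.

```python
import struct
from collections import Counter

def make_frame(src_mac, src_ip, dst_ip, proto, sport, dport, payload_len):
    """Constructed Ethernet/IPv4 frame; only the L4 port fields are filled in."""
    l4 = struct.pack("!HH", sport, dport) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip + l4

def summarize(frames):
    """Return (bytes per source MAC, bytes per source IPv4 address, DHCP frame count)."""
    by_mac, by_ip, dhcp = Counter(), Counter(), 0
    for f in frames:
        if len(f) < 14:                       # shorter than an Ethernet header
            continue
        by_mac[":".join(f"{b:02x}" for b in f[6:12])] += len(f)
        if f[12:14] != b"\x08\x00" or len(f) < 34:   # not IPv4, or truncated
            continue
        ihl = (f[14] & 0x0F) * 4              # IPv4 header length in bytes
        if ihl < 20:
            continue
        by_ip[".".join(map(str, f[26:30]))] += len(f)
        frag = struct.unpack("!H", f[20:22])[0] & 0x1FFF
        l4 = 14 + ihl
        # Ports exist only in the first fragment; DHCP uses UDP ports 67 and 68.
        if f[23] == 17 and frag == 0 and len(f) >= l4 + 4:
            sport, dport = struct.unpack("!HH", f[l4:l4 + 4])
            if {sport, dport} & {67, 68}:
                dhcp += 1
    return by_mac, by_ip, dhcp

# Constructed sample traffic: one busy host, one DHCP client, one ARP frame.
HOST_A, HOST_B = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
SAMPLE_FRAMES = [
    make_frame(HOST_A, "192.168.1.10", "192.168.1.1", 6, 40000, 80, 1000),
    make_frame(HOST_A, "192.168.1.10", "192.168.1.1", 6, 40000, 80, 1000),
    make_frame(HOST_B, "0.0.0.0", "255.255.255.255", 17, 68, 67, 300),
    b"\xff" * 6 + bytes.fromhex(HOST_B.replace(":", "")) + b"\x08\x06" + bytes(28),
]

if __name__ == "__main__":
    by_mac, by_ip, dhcp = summarize(SAMPLE_FRAMES)
    print("Top source MACs:", by_mac.most_common(3))
    print("Top source IPs: ", by_ip.most_common(3))
    print("DHCP frames:    ", dhcp)
```

Counting by MAC as well as by IP matters because non-IP frames (the ARP frame here) and hosts without a lease yet still consume bandwidth and would be missed by an IP-only tally.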

Network Monitor also allows you to capture and view packets from the network. This can be useful if you want to see what data is being transmitted over the network. Be warned, however, that only certain types of protocols and files will allow you to easily view a packet's contents. Expert analysis of packet contents is an art form, and justified only if you have a situation such as a security concern, in which case it is probably time to call in someone who is experienced in such matters anyway.

Beyond Built-in Tools
As you can see, creating a solid network traffic monitoring strategy is achievable with the tools provided with Windows Server 2003. That said, there are some other relatively inexpensive network traffic monitoring solutions that may be worth your attention. However, be careful to evaluate the additional benefits of these third-party products. You might find that the previously discussed tools, such as Performance Console, do the job just as well, or at least just as well as you need them to.

Here are links to a few network traffic monitoring and packet analysis tools that may be of interest. Most of these tools have versions available for free download, so you can try before you buy. Many of them also offer additional functionality over just plain network traffic monitoring capabilities.

TrafMeter is a network traffic monitoring tool that allows you to create include/exclude filters to see the cumulative effect of different types of network traffic on your network. The product is free to download and evaluate, but only allows you to create one traffic filter. A full version is available for between $99 and $695.

Sniff'em is a full-featured network traffic monitoring tool that provides comprehensive support for all commonly used network interfaces including USB and FireWire devices. It also supports dial-up adapters. Pricing starts at $100, but Sniff'em is available in a number of licensing models, including special deals for academic and non-profit organizations.

TracePlus/Ethernet is a powerful tool that provides a wide range of reports, filters and other features for tracking and monitoring network usage. TracePlus/Ethernet can be used to import packet capture files from a range of other network monitoring applications including Microsoft Network Monitor. Pricing for TracePlus/Ethernet is $349, with discounts available for multiple license purchases. Product demonstrations are also available.

This article was originally published on Apr 5, 2004