Collect data using Network Monitor
In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
Network Monitor is an archived protocol analyzer and is no longer under development. Microsoft Message Analyzer is the replacement for Network Monitor. For more details, see Microsoft Message Analyzer Operating Guide.
To get started, download and run NM34_x64.exe. When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see this in the adapter properties, as shown in the following image.
When the driver gets hooked to the network interface card (NIC) during installation, the NIC is reinitialized, which might cause a brief network glitch.
To capture traffic
Run netmon with elevated privileges by choosing Run as Administrator.
Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click New Capture, and then click Start.
Reproduce the issue, and you will see that Network Monitor grabs the packets on the wire.
Select Stop, and go to File > Save as to save the results. By default, the file will be saved as a ".cap" file.
The saved file contains all the traffic flowing to and from the selected network adapters on the local computer. However, you are only interested in the packets related to the specific connectivity problem you are facing, so you will need to filter the network capture to see only the related traffic.
Commonly used filters
- Ipv4.address=="client ip" and ipv4.address=="server ip"
- Tcp.port==
- Udp.port==
- Icmp
- Arp
- Property.tcpretranmits
- Property.tcprequestfastretransmits
- Tcp.flags.syn==1
If you want to filter the capture for a specific field and do not know the syntax for that filter, just right-click that field and select Add the selected value to Display Filter.
Network traces collected using the netsh commands built in to Windows have the extension "ETL". These ETL files can still be opened using Network Monitor for further analysis.
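The following script is an added example, not part of the original page: it collects such an ETL trace with `netsh trace` while the issue is reproduced, then records a SHA-256 hash of the file so the capture can be handed off with an integrity check. The server address (a documentation-range sample), the output folder and the size cap are assumptions.

```powershell
# Added example: capture a connectivity problem with the built-in netsh
# tracer and produce an ETL file that Network Monitor can open.
# Assumptions: server address, output folder and size cap are placeholders.
#Requires -RunAsAdministrator

param(
    [string]$ServerIp  = '192.0.2.20',   # constructed sample address
    [string]$OutDir    = 'C:\Traces',    # hypothetical output folder
    [int]   $MaxSizeMB = 512             # cap on trace file size
)

$ErrorActionPreference = 'Stop'

# One trace file per host and run, so repeated captures never overwrite.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$trace = Join-Path $OutDir "$env:COMPUTERNAME-$stamp.etl"

# capture=yes turns on packet capture; the IPv4.Address capture filter
# keeps only packets to or from the server, which limits how much
# unrelated (and possibly sensitive) traffic ends up in the file.
# filemode=circular keeps the newest data once maxsize is reached.
netsh trace start capture=yes tracefile="$trace" maxsize=$MaxSizeMB `
    filemode=circular IPv4.Address=$ServerIp
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed with exit code $LASTEXITCODE"
}

try {
    Read-Host 'Capture running. Reproduce the issue, then press Enter'
}
finally {
    # Always stop the session, even if the prompt is interrupted,
    # so the capture driver is not left running.
    netsh trace stop
}

# Record a hash so later copies of the trace can be verified.
Get-FileHash -Path $trace -Algorithm SHA256 | Format-List Path, Hash
```

Open the resulting .etl file in Network Monitor and apply the display filters listed above to narrow it further.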
Network Activity Indicator for Windows 7-10
Network Activity Indicator displays the old ‘two monitors’ icon in Windows 7/10 that flashed blue to show network activity on the System Tray.
Network Activity Indicator indicates outgoing and incoming network packets on all available interfaces.
This utility is a standalone executable. Run the program; this will add a new icon to the System Tray. Now you can monitor your network traffic in Windows 10 using the XP-like ‘two monitors’ icon on the System Tray.
To customize program settings, right-click the Network Activity Indicator icon on the System Tray.
Network Activity Indicator is also available in other languages. To change the language of Network Activity Indicator, download the appropriate language zip file, extract ‘NetworkIndicator.lng’, and put it in the same folder where you installed Network Activity Indicator.
Language | Translated by | Date |
Bulgarian | Ivan Karadzhov | September 13, 2017 |
Chinese (Simplified) | vcAngel | March 22, 2011 |
Chinese (Traditional) | Tai Shiang Tzeng | May 16, 2015 |
Chinese (Traditional) (v1.8) | Tai Shiang Tzeng | June 9, 2020 |
Czech | Gtein | May 1, 2020 |
Danish | Michael Pedersen | November 1, 2010 |
Dutch | Edgar Zeijlemaker | November 22, 2010 |
Estonian | Margus Lind | December 18, 2010 |
Finnish | Rainer Pafs | November 28, 2014 |
French | Le Ch@land | March 17, 2015 |
French | Challenger | October 26, 2010 |
German | Marc-Oliver Stühmer | August 14, 2015 |
German | German Man | November 4, 2010 |
German | Klaus Neumer | October 28, 2010 |
Greek | Giorgos Tsimperlenios | December 23, 2010 |
Hungarian | Szabo Tibor | November 6, 2010 |
Indonesian | Jim Fernando | November 4, 2010 |
Italian (v1.7) | Giulio Di Giuliomaria | February 22, 2015 |
Italian | Alessandro Tempestini | October 26, 2010 |
Japanese | Kazuhiro Matsuda | October 26, 2010 |
Korean | Zames Dean | September 13, 2012 |
Latvian | Nizaury | January 29, 2011 |
Lithuanian | Karolis Masaitis | July 28, 2013 |
Polish | Kamil Pieczonka | November 14, 2010 |
Persian | Peyman | June 7, 2017 |
Portuguese Brazil | Fabiano Santos | October 24, 2010 |
Russian | Igor Tolmachev | November 8, 2014 |
Slovak | Schurda | November 17, 2010 |
Spanish | Leonardo Maragna | October 24, 2010 |
Swedish | Peter Tillman | December 26, 2011 |
Thai | Chawanat Nakasan | November 30, 2010 |
Turkish | Cemil Kaynar | June 17, 2017 |
Turkish | Burak Yavuz | October 24, 2010 |
Ukrainian | Alex Mich | February 22, 2011 |
Translating Network Activity Indicator to other languages
Network Activity Indicator allows you to easily translate all dialog boxes, menus, and strings to another language. In order to do that, follow the instructions below:
- Download the English template file.
- Unpack/unzip the downloaded package and open NetworkIndicator.lng in Notepad or any other text editor.
- Translate all the menus, dialog boxes, and string entries to the desired language.
- After you finish the translation, copy the NetworkIndicator.lng file to the folder where you installed Network Activity Indicator.
- If you want to run Network Activity Indicator without the translation, simply rename the language file, or move it to another folder.
32-bit: download (160KB, revised December 12, 2014) setup wizard (438KB, revised December 12, 2014)
64-bit: download (162KB, revised December 12, 2014) setup wizard (445KB, revised December 12, 2014)
version: 1.6 download (146KB, revised October 25, 2010) setup wizard (420KB, revised October 25, 2010)
version: 1.5 download (79KB, revised June 30, 2010)
version: 1.4 download (78KB, revised June 19, 2010)
version: 1.3 download (74KB, revised April 20, 2010)