Many of my colleagues use tools like Wireshark or Ethereal to capture network packets, but I can honestly say that I prefer Microsoft’s “native” tool over the 3rd party alternatives.
Early on, there was no competition. NetMon was lacking in many key features, but over the years (especially since version 3x) it’s gotten a lot better.
My favorite feature is NetMon’s ability to group traffic by the application that generated it. To my knowledge, Wireshark and Ethereal cannot do this. The feature is of course useful when you want to quickly locate traffic from a source without first filtering on ports and addresses.
So as mentioned in the title, version 3.4 of Network Monitor was released today! You can download it for yourself here:
If you have an earlier version installed, you do not need to uninstall. The 3.4 installer will upgrade it.
For more information about Network Monitor, including this version, stop by the NetMon blog here: http://blogs.technet.com/b/netmon
I have not seen any release notes published on the web, but you can find them, including a “What’s new” within the program installation directory.
I’ll save you the trouble by listing them here:
—————————————–
What’s New in Network Monitor 3.4
—————————————–• User Interface Refresh: The Network Monitor UI has evolved. New features
have been added and previously hard-to-find features have been made more
readily available:
• Parser Configuration Management: Parsers are now installed with profiles
that allow you to easily switch between parser configurations with the
Parser Profiles toolbar button. These configurations are also cached,
removing the need to recompile when you switch between them.
• Column Management: Network Monitor will automatically choose a column layout
based on the type of file being opened. This column layout is applied to the
Frame Summary Window. This layout can be modified and saved for future use.
In addition, two extra layouts for HTTP and TCP diagnostics are included.• Color Rules: Network Monitor can now save sets of Color Rules to files for
easy sharing. You can also right-click in the Frame Summary and Frame Details
windows to add a new Color Rule.• Window Layout Dropdown: The new window layout dropdown provides multiple
configurations for window arrangement. You can move windows by holding down
the Shift key while clicking on their title bars. Arrangements are saved
for each of the three layout options. The Restore Default Layout option
will reset the currently selected layout back to the default.
• “Live” Experts: Experts can now be run during a live capture session. Also,
experts that have been recently installed now appear automatically in the
Experts menu, without requiring you to open another tab.
• Fixed-Width Font: You can now use a fixed-width font in the Frame Summary window.
• Auto-Apply Aliases: Aliases are now automatically applied and re-applied
when created using the right-click add-to-alias feature.
• High Performance Filtering: Network Monitor will now enter a high-performance
capturing mode when you specify fully qualified capture filters with certain
fields in the UI or nmcap (e.g. Frame.Ethernet.IPv4.TCP.Port == 8080).
• UTC Timestamps: Network Monitor will now capture and save Time Zone related
information in a trace. By default, traces opened with Time Zone information
will automatically have times adjusted to your local Time Zone. The original
time or Time Zone can be viewed by adding the “Time and Date” column or viewing
the Properties under the File menu.
• 802.11n & Raw IP Frame Support – Network Monitor now supports monitor mode on
802.11n network on Microsoft Windows Vista SP1 and later operating systems as
well as Raw IP Frames on Microsoft Windows 7.• Process Tracking in NMCap: It is now possible to capture process tracking
information in the NMCap command-line tool. It will automatically be enabled
when using a filter, or can be manually enabled using the “/CaptureProcesses” flag.
Mike Crowley's Whiteboard 