Before Windows 7 was officially released, many users had to turn to third-party vendors to find a network monitoring program. After the official release that trouble went away, because Windows 7 itself provides this function, yet many users still do not know what the Network Monitor program does. Let's get to know it.
1. Network data flow
Network Monitor monitors network data flows, which consist of all the information transmitted over the network at any given time. Before the information is transmitted, the network software divides it into smaller chunks called frames or packets.
Some of these chunks contain data that Network Monitor can use to troubleshoot network problems. For example, by examining the destination address, you can determine whether a frame is a broadcast frame that all hosts must receive and process, or a directed frame sent to a specific host. By analyzing the frames, you can determine exactly what caused them to be sent, which helps to determine whether the service that produces that frame type can be optimized.
2. Capture network data stream
The process by which Network Monitor copies frames is called capture. You can capture all network traffic sent to or from your local network card, or you can set up a capture filter to capture a subset of frames. You can also specify a series of conditions that trigger a Network Monitor capture filter event. By using triggers, Network Monitor can respond to events on the network.
If you want to capture frames from a particular computer on the network, specify one or more address pairs in the capture filter. You can monitor up to four specific address pairs at the same time. An address pair consists of the following parts:
(1) The addresses of two computers for which you want to monitor communications.
(2) An arrow that specifies the direction of communication that you want to monitor.
3. Install and Use Network Monitor
You can use Network Monitor to capture and display frames (also known as packets) that the computer running Windows 7 receives from the local area network (LAN). Network administrators can use Network Monitor to detect and troubleshoot network problems that may be encountered on the local computer. Network Monitor requires the following three parts to work correctly:
(1) Network Monitor components: these consist of the Network Monitor system management tool and the Network Monitor driver network protocol. You must install all of these components.
(2) Network Monitor: Use Network Monitor to capture and display data frames that are received from the LAN by the computer running Win7.
(3) Network Monitor Driver: The Network Monitor driver allows Network Monitor to receive frames from the NIC, and allows users who use the version of Network Monitor provided by Microsoft System Management Server to capture and display frames from remote computers, including frames obtained over dial-up networking connections.
Once you know the basics of Network Monitor, you can put it to work.
(1) Design capture filter
To design a capture filter, specify decision statements in the Capture Filter dialog box. This dialog box shows the decision tree of the filter, which is a graphical representation of the filter logic. When you include or exclude information from the capture specification, the decision tree reflects these specifications.
(2) Filter by protocol
To capture frames sent using a specific protocol, specify that protocol in the SAP/ETYPE entry of the capture filter. For example, if you want to capture only IP frames, disable all protocols, and then enable IP ETYPE 0x800 and IP SAP 0x6. By default, all protocols supported by Network Monitor are enabled.
(3) Filtering by address
Assuming that the network has two computers named YH and Anne, to capture all traffic from the YH computer (except traffic from YH to Anne), use the following capture filter address section: Addresses INCLUDE YH <--> ANY EXCLUDE YH <--> Anne. If there are no INCLUDE lines, Your_computer <--> ANY is used by default. To capture frames over a period of time, choose the "Start" option on the Capture menu, and click the "Stop" button when you want to end the capture; all the network traffic in between has been recorded. To take a look at it, click Capture and select the Show Captured Data option, and the captured-frame screen appears. For each captured frame you can clearly see the time, the source MAC address, the destination MAC address, the protocol used, the other source address, the other destination address, and the type of the other address.
(4) Filtering by Data mode
By specifying pattern matching in a capture filter, you can limit the capture to only those frames that contain a specific pattern of ASCII or hexadecimal data.
(5) Using display filters
Like a capture filter, a display filter works like a database query, allowing you to select specific types of information. However, because the display filter operates on data that has already been captured, it does not affect the contents of the Network Monitor capture cache. Use a display filter to determine which frames are displayed.
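The protocol, address-pair and pattern checks from (2) to (4), together with the broadcast/directed distinction from section 1, written out as an added Python example (not Network Monitor's own code). The function names, the BOB host, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
IP_ONLY = {("ETYPE", 0x0800), ("SAP", 0x06)}   # the two IP entries named in the text

def parse_frame(raw):
    """Extract the fields a capture filter decides on from an Ethernet frame."""
    dst, src = raw[0:6], raw[6:12]
    (type_len,) = struct.unpack("!H", raw[12:14])
    # >= 0x0600 is an Ethernet II EtherType; otherwise an 802.3 length, then the LLC DSAP
    proto = ("ETYPE", type_len) if type_len >= 0x0600 else ("SAP", raw[14])
    kind = "broadcast" if dst == BROADCAST else "multicast" if dst[0] & 1 else "directed"
    return {"dst": dst, "src": src, "proto": proto, "kind": kind}

def pair_matches(pair, frame, names):
    """pair = (left, arrow, right); arrow is '<-->' or '-->'; 'ANY' matches every address."""
    left, arrow, right = pair
    def hit(name, mac):
        return name == "ANY" or names[name] == mac
    forward = hit(left, frame["src"]) and hit(right, frame["dst"])
    backward = hit(left, frame["dst"]) and hit(right, frame["src"])
    return forward or (arrow == "<-->" and backward)

def captured(raw, names, protocols, include, exclude, pattern=None):
    """Decision tree: protocol AND any INCLUDE pair AND no EXCLUDE pair AND pattern."""
    frame = parse_frame(raw)
    if frame["proto"] not in protocols:
        return False
    if not any(pair_matches(p, frame, names) for p in include):
        return False
    if any(pair_matches(p, frame, names) for p in exclude):
        return False
    if pattern is not None:               # (offset, bytes) compared against the raw frame
        offset, data = pattern
        return raw[offset:offset + len(data)] == data
    return True

# Constructed sample data (illustrative names, locally administered MACs, no real capture).
NAMES = {n: bytes.fromhex(h) for n, h in
         [("YH", "020000000001"), ("ANNE", "020000000002"), ("BOB", "020000000003")]}
INCLUDE, EXCLUDE = [("YH", "<-->", "ANY")], [("YH", "<-->", "ANNE")]

def build(dst, src, type_len, payload=b""):
    return dst + src + struct.pack("!H", type_len) + payload

YH_TO_BOB = build(NAMES["BOB"], NAMES["YH"], 0x0800, b"\x45\x00GET /")
YH_TO_ANNE = build(NAMES["ANNE"], NAMES["YH"], 0x0800, b"\x45\x00")
YH_ARP = build(BROADCAST, NAMES["YH"], 0x0806, b"\x00\x01")
BOB_LLC = build(NAMES["YH"], NAMES["BOB"], 0x0003, b"\x06\x06\x03")
```

With these inputs, YH_TO_BOB and BOB_LLC pass the filter, YH_TO_ANNE is dropped by the EXCLUDE pair, and YH_ARP is dropped because ETYPE 0x0806 is not one of the enabled IP entries.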
(6) Display the captured data
Network Monitor simplifies the data analysis process by interpreting the raw data collected during the capture process and displaying the data in the Frame Checker window.
Some users will say that the Network Monitor program is like a riddle and difficult to understand. Indeed, for the general user it is almost useless in everyday use, but for users who need it, it is a treasure. I hope this is helpful to everyone.