How do I perform a network trace using NetMon?

A. To start Network Monitor select "Network Monitor" from the "Network Analysis Tools" Start menu Programs folder. Once started you will be presented with the initial trace dialog which is split into 4 main windows.

Click here to view image

Initially the trace will be for all hosts to all hosts however you will probably want to refine this using a filter as follows:

  1. From the Capture menu select Filter (or press F8)
  2. You will see and Address Pair entry of *ANY <--> *ANY. Select this line
  3. Click the Line button in the Edit area
  4. You will be shown a list of addresses the computer knows about, you may add new ones by clicking the "Edit Addresses" button.
  5. Select the host for station1 and station2 and the direction and click OK
  6. Click OK to the main dialog. You should see the *ANY <--> *ANY line has changed to the two nodes, e.g. LNTLL2 <--> LNPCSW0030

You are now ready to start the search by selecting Start from the Capture menu (or click F10). Once you have collected the data you require stop the search by selecting Stop from the Capture menu (or click F11). An alternative is to select Stop + View data which will stop the trace and show the captured data.

The normal method to display captured data is to select "Display Captured Data" from the Capture menu or click F12. A new dialog will be shown will all frames sent between the selected hosts. For more detail about a frame just double click it. It will then give the full frame information and content.

Click here to view image

Notice you can actually see the data that was sent and full IP and TCP headers can also be inspected. If you start another search it will ask if you want to save the current captured data. You can also manually save by selecting "Save As" from the File menu.

