| Network Monitor is made up of two primary components: Network Monitor and the Network Monitor driver. Like most other configuration and management tools in Windows Server 2003, you can run the Network Monitor from the command line. This is a more difficult and advanced method of performing captures, but it offers the advantage of letting you script commands to be executed on multiple computers with little effort. The basic syntax of using the Network Monitor (netmon) from the command line is presented here and explained in more detail in Table 15. start netmon [/net Number] [/capturefilter Path] [/displayfilter Path [/buffersize Number] [/quickfilter {ATM | ETHERNET | IP | IPX | VINES | TOKENRING | FDDI}, Address] [/quickfiltername FilterName][/autostart] [/autostop]
Table 15. netmon Command-Line SwitchesSwitch | Description |
|---|
/net Number | Allows you to specify the number of the network from which you want to capture data. You can specify any network segment to which the computer is connected. | / capturefilter Path | Allows you to specify a saved capture filter to be used. Can be abbreviated as /cf Path. | /displayfilter Path | Allows you to specify a display filter to be used. Can be abbreviated as /df Path. | /buffersize Number | Allows you to specify the size (in megabytes) of the capture buffer. | /quickfilter {ATM | ETHERNET | IP | IPX | VINES | TOKENRING | FDDI}, Address | Specifies that only frames of a particular type and from a particular address should be captured. You are allowed to specify up to three types at one time. Can be abbreviated as /qf {ATM | ETHERNET | IP |IPX | VINES | TOKENRING | FDDI}, Address. | /quickfiltername FilterName | Allows you to specify the name of the filter you use with the /quickfilter command. Can be abbreviated as /qfn FilterName and is not used if no /quickfilter options are specified. | /autostart | Instructs Network Monitor to begin capturing data at interface startup. | /autostop | Instructs Network Monitor to stop capturing data when the capture buffer is full. |
The System Monitor can be used to monitor and create a baseline of network interface statistics. The following counters are listed under the Network Interface performance object: Bytes Received/sec Bytes Sent/sec Bytes Total/sec Current Bandwidth Output Queue Length Packets Outbound Discarded Packets Outbound Errors Packets Received Discarded Packets Received Errors Packets Received Non-Unicast/sec Packets Received Unicast/sec Packets Received Unknown Packets Received/sec Packets Sent Unicast/sec Packets Sent/sec Packets/sec
The following are some of the most common causes of bottlenecks that you might encounter while troubleshooting a network: The current level of provided resources is inadequate, thus requiring additional or upgraded resources to be added to the network. The available resources are not being utilized evenly, thus requiring that some form of load balancing be implemented. An available resource is malfunctioning or stopped and needs to be repaired or restarted. An available resource is incorrectly configured, thus requiring a configuration correction.
The following are some basic network configuration tips that you can check while troubleshooting and correcting network-related problems: As often as possible, ensure that resources are located on the same physical subnet as the users using the resource. Uninstall or unbind network protocols that are not in use. Configure the network protocol binding order to place the most commonly used protocols higher on the list. Use multiple network adapters in high-use servers to increase effective network throughput.
When creating a Counter Log, you can choose what log file format you want to use, as detailed in Table 16. Table 16. Counter Log File Format OptionsOption | Description |
|---|
Text File (Comma Delimited) | This option defines a comma-delimited log file (with a .csvextension). | Text File (Tab Delimited) | This option defines a tab-delimited log file (with a .tsvextension). | Binary File | This option defines a sequential, binary-format log file (with a .blgextension). You should use this file format if you want to be able to record data instances that are intermittentthat is, data instances that stop and resume after the log has begun running. Only binary file formats can accommodate instances that are not persistent throughout the duration of the log. | Binary Circular File | This option defines a circular, binary-format log file (with a .blg extension). You should use this file format to continuously record data to the same log file, overwriting previous records with new data when the file reaches its maximum size. |
When creating a Counter Log, you can also choose what numbering system will be used, as detailed in Table 17. Table 17. Counter Log Numbering SystemsSystem | Example |
|---|
nnnnnn | Network Adapter Performance_000007.blg | mmddhh | Network Adapter Performance_042011.blg | mmddhhmm | Network Adapter Performance_04201126.blg | yyyyddd | Network Adapter Performance_2003111.blg | yyyymm | Network Adapter Performance_200304.blg | yyyymmdd | Network Adapter Performance_20030420.blg | yyyymmddhh | Network Adapter Performance_2003042011.blg |
For troubleshooting connectivity issues, the pathping command acts as the equivalent of the TRacert command by allowing you to identify which routers are in the path that the packets are taking. It also acts as the equivalent of the ping command by sending ping requests to all the routers over a specified time period and then computing statistics based on the packets returned from each router.pathping displays the amount of packet loss at each router or link, allowing you to determine which routers and links (subnets) might be causes of connectivity troubles. This is the basic syntax of the pathping command: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-4] [-6] target_name
Table 18 explains the switches of the pathping command. Table 18. pathping SwitchesSwitch | Description |
|---|
-g host-list | Specifies that Echo Request messages are to use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. Successive intermediate destinations can be separated by one or multiple routers. HostList is a series of IP addresses (in dotted-decimal notation), separated by spaces. | -h maximum hops | Specifies the maximum number of hops in the path to search for the target. The default is 30 hops. | -i address | Specifies the source address. | -n | Specifies that addresses are not to be resolved to hostnames. | -p period | Specifies the number of milliseconds to wait between consecutive pings. The default is 250 milliseconds. | -q num queries | Specifies the number of Echo Request messages sent to each router in the path. The default is 100. | -w timeout | Specifies the number of milliseconds to wait for each reply. The default is 3,000 milliseconds. | -4 | Specifies that pathping use IPv4 only. | -6 | Specifies that pathpinguse IPv6 only. | Target name | Specifies the destination, either by IP address or hostname. |
Server services can be configured with recovery options for the first, second, and all subsequent failure events the service experiences. These are the available options: Take No Action No recovery actions will be taken if the service fails. Restart the Service The service will stop and then start again. Run a Program A program, script, or batch file can be run. Restart the Computer The computer will be shut down and restarted.
| 