Managing and Monitoring Network Traffic

As networks increase in size (because new services and applications are installed and network shares are created), traffic on a network can greatly increase. For example, adding a service such as DHCP increases traffic through the IP address lease and renewal process.

Remember that methods for optimizing network traffic include configuring the bindings and disabling unnecessary protocols and services.

Using a tool called Network Monitor , you can monitor and log network activity and then use the information to manage and optimize traffic. Network Monitor consist of two components :

• Network Monitor Driver The Network Monitor Driver is responsible for capturing the frames coming to and from a network adapter.

• Network Monitor Tools The Network Monitor tools are used to view and analyze the data captured by the Network Monitor Driver.

Installing Network Monitor

Network Monitor is not installed with Windows 2000 by default but can be installed using the following process. Installing Network Monitor automatically installs the Network Monitor Driver.

1. Within the Control Panel, select the Add/Remove Programs applet.

2. Click Add/Remove Windows Components.

3. Within the Windows Component wizard, select Management and Monitoring Tools and click the Details button.

4. Select the Network Monitor Tools check box (see Figure 5.9). Click OK.

   Figure 5.9. Installing the Network Monitor tools.

   

5. Click Next. Click OK.

Network Monitor should only be used by authorized users. To prevent unauthorized users from running it, when Network Monitor starts up, it can detect other instances on the network and display information such as the computer name , where the instance is installed, and the user currently logged onto the computer.

There may be instances when you only want to install the Network Monitor Driver. Installing the driver enables you to capture traffic on a network interface. You will then need to use software such as SMS to view the captured data. This is useful for capturing data from a number of servers and viewing the data from a central location. For example, a computer running Network Monitor Driver can capture the information and forward it to a SMS server. To install the Network Monitor Driver component only, perform the following steps:

1. Within the Network and Dial-up Connections applet, right-click the Local Area Connection and choose Properties from the pop-up menu.

2. From the Properties window for the Local Area Connection, click the Install button.

3. In the list, click Protocol and then click the Add button.

4. Within the Network Protocol window, click the Network Monitor Driver.

5. Click OK.

Using Network Monitor

Network Monitor can display a large amount of information about the frames captured to and from a network adapter card. When Network Monitor is first opened, four panes are displayed within the console. The Graph pane displays the network activity in a bar chart. The Session Stats pane displays information about individual sessions. The Station Stats pane displays statistics about the sessions in which the server is participating. The Total Stats pane displays summary statistics since the capture was started.

To view statistics about network traffic, you must first start a capture. To do so, click the Start option from the Capture menu. To view the captured data, click the Start and View option from the Capture menu. Network Monitor displays all the frame captures during the capture period with a Summary window. To view specific information about a frame, click the frame within the Summary window (see Figure 5.10).

Now when you run Network Monitor, all frames going to and from a computer are captured. If you're looking for specific types of traffic, you can create a capture filter to define which types of frames should be captured. To configure capture filters within Network Monitor, choose the Filter option from the Capture menu (see Figure 5.11).

From the Capture Filter window, you can create filters based on the following criteria:

• Protocol Allows you to specify the protocols to capture or the specific protocol properties.

• Address Pairs Specifies the computer addresses from which frames should be captured.

• Pattern Matches Allows you to configure different variables that captured frames should meet.

The network monitor supplied with Windows 2000 does not run in promiscuous mode. This means that it will intercept packets that are intended either to or from your computer. To get the full version of network monitor, you need SMS.