Planning for Network Traffic Monitoring

Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.

For this objective, you need to look at a network with a critical eye toward packet-level analysis. Although you do not need to know all the details about packet-level analysis, you are responsible for knowing how to troubleshoot networks and systems with the tools that Microsoft provides with the base-level operating system. Windows Server 2003 provides both System Monitor and Network Monitor. System Monitor resides in the Performance Management console, and Network Monitor must be installed separately after a default installation. You can install Network Monitor from the Windows Components Wizard under the Network Management Tools group .

System Monitor helps you to troubleshoot network issues, but few look to System Monitor for help. Why? People mainly don't look to it because they do not know that some of the network monitoring features are in it. For example, an MCP should know that System Monitor can monitor network card I/O, error packets, IP datagram error checking, and so on. You can use this tool to troubleshoot problems going in and going out of the network interface. This is a way for you to troubleshoot errors that may be coming from a bad NIC or from excessive broadcasts hitting your server. Having that many broadcasts hit your server could mean a network problem; you may need to replace a hub with a switch, for example. Either way, you can see why System Monitor is helpful.

Network Monitor, shown in Figure 2.5, captures frames , or packets, to and from the local computer and the network.

The four panes in Network Monitor report information about current network activity or a captured file:

• Graph pane ” This pane reports percentages of activity, in bar chart format.

• Session Stats pane ” This pane reports individual statistics of client-to-server activity during a capture or live activity.

• Station Stats pane ” This pane reports information on each workstation's activity on a network. Keep in mind that this is actually activity between the specific workstation and the server on which Network Monitor is installed when using the Windows Server 2003 version of Network Monitor.

• Total Stats pane ” This pane reports the totals of the stats for all the other panes.

Network Monitor, which comes with Windows Server 2003, is a protocol analyzer that allows you to "sniff" the network traffic traversing the network. This capability is important because, without a good picture of what is running through your network, you can't accurately talk about how to remove unneeded protocols, what protocols are creating problems, what protocols are incorrectly configured, or what network interface card repeatedly broadcasts packets because it has a hardware problem. All these issues, including an accurate statement of what your bandwidth utilization would be, are hidden from you without the use of Network Monitor.

One limitation of the Network Monitor is that it captures and contains only traffic sent to and from the computer in which it is installed. If you need a more robust solution, you can either use a third-party product such as Sniffer Pro or Ethereal. If you opt to move to a Microsoft solution, you must purchase Microsoft Systems Management Server (SMS), which can capture frames sent to or from any computer on which the Network Monitor driver is installed.