3. Capturing Network Traffic Between Computers
As outlined previously, Network Monitor enables you to capture wireless, remote, local area network (LAN), and wide area network (WAN) traffic using a remote agent. In some cases, network administrators want to diagnose or monitor a conversation between two computers. The steps necessary to monitor traffic between two different computers are outlined in the following list.
To capture network traffic between two different computers using IPv4 source and destination addresses, as shown in Figure 5, follow these steps:
1. In Network Monitor, click the New Capture button on the left.
2. Click the Capture Settings button. Click Load Filter, Standard Filters.
3. Select Addresses, and then IPv4 Addresses.
4. Edit the filter to specify the IP addresses that should be filtered in the Capture Filter window (for example, 192.168.0.100 and Any).
5. Click the Apply button in the Capture Filter pane, and then click Close.
6. Click the Start button on the main Network Monitor menu bar or press the F5 key to start the capture.
Figure 5. Network Monitor capture of network traffic between two IP addresses.
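The same capture can be scripted with nmcap.exe, the command-line capture tool installed with Network Monitor 3. The following is an added example, not part of the original text: the function name, its parameters, the output file location, and the default install path are assumptions, and the filter uses the IPv4.Address, IPv4.SourceAddress, and IPv4.DestinationAddress properties to express "192.168.0.100 and Any" or a specific pair of hosts in both directions.

```powershell
# Added example: scripted equivalent of the IPv4 address capture filter above.
# Assumptions: hypothetical function/parameter names, default Network Monitor 3
# install path, and an elevated prompt on the capturing host.
function Start-HostPairCapture {
    param(
        [Parameter(Mandatory)] [string] $HostA,
        [string] $HostB   = 'Any',   # 'Any' mirrors the GUI example
        [string] $OutFile = "$env:TEMP\hostpair.cap",
        [int]    $Minutes = 5,
        [string] $NmCap   = "$env:ProgramFiles\Microsoft Network Monitor 3\nmcap.exe"
    )

    if ($HostA -eq 'Any') { throw 'HostA must be a specific IPv4 address.' }

    # Accept only dotted-quad IPv4 literals so nothing else reaches the filter text.
    foreach ($h in @($HostA, $HostB)) {
        if ($h -eq 'Any') { continue }
        $ip = $null
        if (-not [ipaddress]::TryParse($h, [ref]$ip) -or
            $ip.AddressFamily -ne 'InterNetwork' -or
            $ip.ToString() -ne $h) {
            throw "Not an IPv4 address: $h"
        }
    }

    # One host and Any: match the address as either source or destination.
    # Two hosts: match the conversation explicitly in both directions.
    $filter = if ($HostB -eq 'Any') {
        "IPv4.Address == $HostA"
    } else {
        "(IPv4.SourceAddress == $HostA AND IPv4.DestinationAddress == $HostB) OR " +
        "(IPv4.SourceAddress == $HostB AND IPv4.DestinationAddress == $HostA)"
    }

    if (-not (Test-Path $NmCap)) { throw "nmcap.exe not found at $NmCap" }

    Write-Host "Capture filter: $filter"
    # Capture on all adapters, keep only frames matching the filter,
    # and stop automatically after the requested number of minutes.
    & $NmCap /network * /capture $filter /file $OutFile /stopwhen /timeafter $Minutes min
}

# Constructed sample addresses: 192.168.0.100 is the page's example host,
# 192.168.0.1 is a placeholder for the second computer.
Start-HostPairCapture -HostA 192.168.0.100 -HostB 192.168.0.1 -Minutes 2
```

The resulting .cap file can be opened in Network Monitor for analysis in the same way as a capture started from the GUI.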
4. Parsing Captured Network Traffic Data
Parsing captured data allows the information to be converted into a format that is more legible to the naked eye. Parsing captured data makes analysis of the captured data easier—in fact, it’s almost essential.
To modify parsing of captured data in Network Monitor, follow these steps:
1. With a capture running or loaded from a saved file, select the Parsers tab in Network Monitor, as shown in Figure 6.
Figure 6. Parsers tab of Network Monitor.
2. Expand the appropriate parsing category and double-click the desired parser to load the parser code into the editor. Parsers use Network Monitor Parser Language (NPL), a simple-to-use language. Help for NPL is included in the Network Monitor Help file.