Netmon - Microsoft's free network protocol analyzer details

Question

Microsoft Network Monitor is a free network protocol analyzer utility that runs on Windows, which allows you to view and capture network related protocol traffic.  In many cases, when you are posting questions on the Open Specifications support forums, a capture will be required if the on-the-wire packet behavior does not match the documentation.  At the very least, NM will help Microsoft protocol support team members quickly understand your request. 

Submitting a NM Capture:

You can gather traces and analyze the data using the latest version of NM.  Future versions of NM will include parsers for Windows Protocol Documents. The latest version of NM is available here:

http://go.microsoft.com/fwlink/?LinkID=103158&clcid=0x409

The latest Windows parsers are availalbe from CodePlex.  Where are also Office parsers availalbe on the download center.  Follow the link below for more information:

http://blogs.technet.com/b/netmon/p/downloads.aspx

Support for NM:

For questions about using Network Monitor, the API or the Parsers please visit our forums here:

http://social.technet.microsoft.com/Forums/en/netmon/threads

Our team also has a blog at http://blogs.technet.com/netmon/default.aspx, which contains helpful tips on filtering, capturing, and many other topics.

NM3 was designed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and future operating systems in mind.  For earlier operating systems, you can also use Wireshark (www.wireshark.org), or your favorite capture utility, as long as you can save in Netmon 2.x format or pcap version 2.4.