locked
What protocols are captured by MS Network Monitor? RRS feed

  • Question

  • Before installing Network Monitor I would like to know what protocols it captures. I'm already using Wireshark which doesn't capture everything. I want to see as complete a picture as possible of what other computers my computer is communicating with over the internet. My thought is to use both together if MS Network Monitor shows traffic Wireshark can't. I'm using Vista Ultimate SP2 on a pc. Thanks.
    Wednesday, January 12, 2011 3:13 PM

All replies

  • Network Monitor will capture all traffic that passes through NDIS.  The capture driver installs as an NDIS light wieght filter.  By default it will capture traffic that is directed to your machine, but will not see traffic that is intended for another computer.  If you enable promiscious mode for the adapter, you can then see all traffic that appears at the NIC.  But keep in mind that Routers and Smart Hubs will block traffic based on the destination to avoid congestion.  There may be a way to configure the router to forward traffic to a specific interface so that you can see this traffic.

    Wireshark has the same option to enable promicous mode traffic I believe.  But the same limitations for how the router handles this traffic applies.

    Paul

    • Proposed as answer by Paul E Long Tuesday, January 18, 2011 7:20 PM
    Wednesday, January 12, 2011 4:42 PM