how to export Network Monitor 3.4 data to csv

  • Question

  • I want to get a list of all computers communicating with my server with TCP or UDP and what port. I can capture all traffic using Network Monitor, but how can I extract just the information I want? I don't need every packet, just to know if an IP address has ever communicated with my server using what protocol. I figure on running this for a few weeks at a time.

    Any idea or direction? It could be something other than Network Monitor if you know any way to do this.

    Wednesday, September 24, 2014 6:42 PM

Answers

  • You can extract data using Copy & Paste, which will result in tab separated (TSV) format.  You can paste directly into Excel.

    We also have Message Analyzer (http://blogs.technet.com/MessageAnazlyer), which has an option to display a chart to show you this information.  Once you have your trace open, select New Viewer from the ribbon and choose Top TCP/UDP Conversations.  You'll get a chart listing every TCP/UDP conversation and the protocol for known ports will show up next to each conversation. You also see total bytes, count of messages and throughput information, however this is only completely accurate when you set the Transport viewpoint from the Viewpoints section of the ribbon.  This is because of how we limit noise in the default display by automatically reassembling the data to limit the noise.

    Paul

    • Marked as answer by notRoman Thursday, September 25, 2014 6:04 PM
    Thursday, September 25, 2014 1:05 PM

All replies

  • Great! Copy and paste. I just hadn't thought of that. This interface does not look like that would work. I think I need to come up with some capture filters to prevent having to copy and paste a million rows, but I'll try that. Thanks. 

    And eventually, I'll have to try Message Analyzer, but you know, with pain the *** change management processes it's a hassle.

    Thursday, September 25, 2014 6:04 PM
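
The reduction the question asks for, applied to rows pasted out of the capture as tab-separated text, as an added example (not code from the thread or from Microsoft). The column names, the sample rows and the lower-port-is-the-service heuristic are assumptions; set `COLS` to the columns actually shown in the frame summary.

```python
import csv
import io
from collections import Counter

# Constructed sample of pasted rows. Column names are assumptions for this
# example, not Network Monitor defaults; map your own columns in COLS.
SAMPLE_TSV = (
    "Source\tDestination\tTransport\tSrcPort\tDstPort\n"
    "10.0.0.21\t10.0.0.5\tTCP\t49812\t445\n"
    "10.0.0.5\t10.0.0.21\tTCP\t445\t49812\n"
    "10.0.0.21\t10.0.0.5\tTCP\t49813\t445\n"
    "10.0.0.34\t10.0.0.5\tUDP\t53011\t53\n"
    "10.0.0.5\t10.0.0.9\tUDP\t61022\t123\n"
    "10.0.0.21\t10.0.0.34\tTCP\t50100\t80\n"   # not to or from the server
    "10.0.0.34\t10.0.0.5\tICMP\t\t\n"          # no ports, skipped
)
COLS = {"src": "Source", "dst": "Destination", "proto": "Transport",
        "sport": "SrcPort", "dport": "DstPort"}

def summarize(tsv_text, server_ip, cols=COLS):
    """Count frames per (peer_ip, protocol, service_port, port_owner)."""
    seen = Counter()
    for row in csv.DictReader(io.StringIO(tsv_text), delimiter="\t"):
        f = {k: (row.get(name) or "").strip() for k, name in cols.items()}
        proto = f["proto"].upper()
        if proto not in ("TCP", "UDP") or server_ip not in (f["src"], f["dst"]):
            continue
        try:
            sport, dport = int(f["sport"]), int(f["dport"])
        except ValueError:
            continue  # ports missing or not numeric
        outbound = f["src"] == server_ip
        peer = f["dst"] if outbound else f["src"]
        server_port, peer_port = (sport, dport) if outbound else (dport, sport)
        # Heuristic (assumption): the lower-numbered port is the service port,
        # which collapses the many ephemeral client ports into one row.
        if server_port <= peer_port:
            seen[(peer, proto, server_port, "server")] += 1
        else:
            seen[(peer, proto, peer_port, "peer")] += 1
    return seen

def to_csv(summary):
    """Render the summary as CSV text, one line per unique conversation."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["peer_ip", "protocol", "service_port", "port_owner", "frames"])
    for key in sorted(summary):
        writer.writerow([*key, summary[key]])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(summarize(SAMPLE_TSV, "10.0.0.5")), end="")
```

Because only the unique tuples and a frame count are kept, batches pasted over several weeks can be run through `summarize` one at a time and the resulting counters added together.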