What’s New in Network Monitor 3.4?

Post on 10-Jan-2016


WHAT’S NEW IN NETWORK MONITOR 3.4?

User Interface Refresh: Parser Configuration Manager, Column Management, Color Rules, Window Layouts, Separate Capture Dialog, “Live” Experts, Alias Updates, Fixed-Width Font

Parser Configuration Management

Multiple Parser Profiles Built During Install

Quickly Switch Between Parser Profiles

Ex: Locate traffic with Default Parser, switch to Windows for more detail.

Parser Profiles

[Figure: parser profiles plotted by Parsing Completeness (Shallow to Complete) against Performance (Fast to Slow). Profiles shown: Pure, Default, Fast, Windows, HPC.]

The more detail you get, the slower filtering and loading is.

Parser Profiles

The Default is the currently enabled profile

You can also set Active Profile from Parser Profile Button

Create New Parser Profile to customize.

Create from existing and automatically include “Network Monitor 3/Parser” directory

Parser Profiles

A Parser Profile defines where Network Monitor goes to load parsers

Directory List determines where parser files are loaded from. The first instance of an NPL file is discovered from walking this list.

Parser Profiles

Other Parsers Available: SQL Browser, Office and OCS

Be sure to check the following link for latest parser updates: http://www.CodePlex.com/NMParsers

High Performance Capturing – Primarily used automatically with the High Perf Capture feature. Only parses through TCP.

Faster Parsing – Optimized parser set with limited parsing, but includes TCP, HTTP, DNS, DHCP

Default – Includes more common parsers including SMB, SMB2 and LDAP

Windows – Includes all Windows protocol parsers. Very complete.

Columns Management

Multiple, Selectable Column Layouts

All Layouts User Customizable

Includes HTTP and TCP Troubleshooter

Auto-Selected Based On Capture Type

See Time Zone UTC for more info

Columns Management

Columns Management

Original Add/Remove Column Unchanged

Columns Button Added

Remove Column by Right Clicking

Columns Management

Column Layout Based on File Type

Applied to Frame Summary Window

All Layouts Can be Modified and Saved

Two Extra Layouts

HTTP Troubleshooter

TCP Troubleshooter

Color Rules

Create via Right Click

Dropdown Button on Frame Summary Bar

Color Rules

Load, Save and Distribute Color Rules (.nmcf file)

Enable/Disable each rule

Append loaded rules to start or end

Priority is configurable, determined by order

Windows Layouts

Three Layouts, Each Customizable: Simple, Diagnostic, Developer

Separate Capture Dialog

Windows Moved for more Vertical Space

Combines Capture Filter/Network Selection

Capture Filter, Separate, Floating Window

“Live Experts”

Experts now available with new Captures

Save a SnapShot before calling Expert

Aliases Updates

Auto Applies with Right Click Create Alias

New Aliases Button

Fixed Width Font

Select this option to use fixed width font.

[Figure: before and after screenshots for the fixed-width font option.]

Other New Features: UTC Timestamps, High Resolution Time Stamp, Processing Tracking NMCap, High Performance Capturing, 802.11n WiFi and Raw IP Support, Driver Capture Location, API Driver Filtering, API Parser Profiles

UTC Timestamps

[Figure: a Customer in NY sends a trace and event logs (Event Viewer + Traces) to be analyzed by a Trace Reviewer in LA. The same moment across time zones: 2 pm EST, 1 pm CST, 12 pm MST, 11 am PST.]

NM3.3 trace would not match Event Viewer times, NM3.4 will.

UTC Timestamps

Previously Time was Presented Locally

The Time the Capture was Taken

Unadjusted for the Trace Reviewer

Now “Time Date Local Adjusted” Presents Time in the Reviewer’s Context.

Associate with other Time Adjusted Logs

You can revert back to old way!

UTC Timestamps

Time Date Local Adjusted column for traces taken with 3.4

Switching to NM 3.3 shows Local time column “Time of Day”

UTC Timestamps

Use File, Properties to determine capture file stats, including time zone information.

High Resolution Time Stamp

Now Microsecond Precision

[Figure: timestamp display compared between NM3.4 and NM3.3.]

Processing Tracking in NMCap

Previously only Available in UI

NMCap Can Now Capture Process Info!

/CaptureProcesses to Enable

High Performance Capturing

[Figure: Previous Behavior – 3.3. Diagram labels: Frames, Root, Capture, Parsed and Filtered, Capture File. Frames Back Up.]

High Performance Capturing

Buffering to Disk adds Time and Requires Machine Resources

As Long as the Filter can Keep Up, Better To Filter Before we Write to Disk

High Performance Capturing

[Figure: New Behavior – 3.4. Diagram labels: Frames, Root, Capture, Parsed and Filtered, Capture File. Parsed and Filtered Using Optimized Parser.]

Only filters with predetermined fields.

Fields are fully qualified, i.e. Frame.Ethernet.Ipv4.Tcp.Port==8080

Standard Filters Available to Learn

Throttle

If High Perf Filtering Can’t Keep Up

We revert to buffering frames

Once we catch up, return to High Perf

Driver Capture Location

Place Driver at Top or Bottom of LWF Stack

Plays Better with other LWF Drivers: NLB, Network Emulation Tool (NEWT)

Configured with Registry Setting

HKLM\System\CurrentControlSet\Services\nm3\LoadUpperLayers

Network Monitor 3 Resources

Blog: Includes general help topics and training videos.

General Forums: For general questions about using Network Monitor, Parsing Language, and the API.

Parser Updates: We update approximately monthly, so check frequently for updates.

Experts: Experts perform analysis on trace data directly from the UI.
