what’s new in network monitor 3.4?
DESCRIPTION
What’s New in Network Monitor 3.4?. User Interface Refresh. Parser Configuration Manager Column Management Color Rules Window Layouts Separate Capture Dialog “Live” Experts Alias Updates Fixed-Width Font. Parser Configuration Management. Multiple Parser Profiles Built During Install - PowerPoint PPT PresentationTRANSCRIPT
WHAT’S NEW IN NETWORK
MONITOR 3.4?
User Interface Refresh Parser Configuration Manager Column Management Color Rules Window Layouts Separate Capture Dialog “Live” Experts Alias Updates Fixed-Width Font
Parser Configuration Management
Multiple Parser Profiles Built During Install Quickly Switch Between Parser Profiles
Ex: Locate traffic with Default Parser, switch to Windows for more detail.
Parser Profiles
Parsing Completeness
Performance
Shallow CompleteFast
Slow
Pure
Default
Fast
Windows
HPC
The more detail you get, the slower filtering and loading is.
Parser Profiles
The Default is the currently enabled profile
You can also set Active Profile from Parser Profile Button
Create New Parser Profile to customize.
Create from existing and automatically include “Network Monitor 3/Parser” directory
Parser Profiles A Parser Profile defines where Network
Monitor goes to load parsers
Directory List determines where parser files are loaded from. The first instance of an NPL file is discovered from walking this list.
Parser Profiles
Other Parsers AvailableSQL BrowserOffice and OCS
http://www.CodePlex.com/NMParsersBe sure to check the following link for latest parser updates
High Performance Capturing
Primarily used automatically with High Perf Capture Feature. Only parse through TCP.
Faster Parsing Optimized Parser set with limited parsing, but includes TCP, HTTP, DNS, DHCP
Default – Includes more common parsers including SMB, SMB2 and LDAP
Windows Includes all Window Protocol Parsers. Very complete.
Columns Management Multiple, Selectable Column Layouts All Layouts User Customizable Includes HTTP and TCP Troubleshooter Auto-Selected Based On Capture Type
See Time Zone UTC for more info
Columns Management
Columns Management Original Add/Remove Column Unchanged Columns Button Added Remove Column by Right Clicking
Columns Management Column Layout Based on File Type Applied to Frame Summary Window All Layouts Can be Modified and Saved Two Extra Layouts
HTTP Troubleshooter
TCP Troubleshooter
Color Rules Create via Right Click Dropdown Button on Frame Summary Bar
Color Rules
Load, Save and Distribute Color Rules (.nmcf file)
Enable/Disable each rule
Append loaded rules to start or end
Priority is configurable, determined by order
Windows Layouts Three Layouts Each Customizable
Simple Diagnostic
Developer
Separate Capture Dialog Windows Moved for more Vertical Space Combines Capture Filter/Network Selection Capture Filter, Separate, Floating Window
“Live Experts” Experts now available with new Captures Save a SnapShot before calling Expert
Aliases Updates Auto Applies with Right Click Create Alias New Aliases Button
Fixed Width Font
Select this option to use fixed width font.
Before:
After:
Other New Features UTC Timestamps High Resolution Time Stamp Processing Tracking NMCap High Performance Capturing 802.11n WiFi and Raw IP Support Driver Capture Location API Driver Filtering API Parser Profiles
UTC Timestamps
Trace Reviewer in LA
Customer in NY
Event Viewer + Traces
2 pm EST
1pm CST
12pm MST
11am PST
NM3.3 trace would not match Event Viewer times, NM3.4 will.
Sends a trace and event logs to be analyzed
UTC Timestamps
Previously Time was Presented LocallyThe Time the Capture was TakenUnadjusted for the Trace Reviewer
Now “Time Date Local Adjusted” Presents Time in the Reviewers Context.Associate with other Time Adjusted Logs
You can revert back to old way!
UTC Timestamps
Time Date Local Adjusted column for traces taken with 3.4
Switching to NM 3.3 shows Local time column “Time of Day”
UTC TimestampsUse File, Properties to determine capture file stats, including time zone information.
High Resolution Time Stamp Now Microsecond Precision
NM3.4NM3.3
Processing Tracking in NMCap
Previously only Available in UI NMCap Can Now Capture Process Info! /CaptureProcesses to Enable
High Performance Capturing
FramesRoot
Capture
Parsed and
Filtered
Capture File
Previous Behavior – 3.3
Frames Back Up
High Performance Capturing Buffering to Disk adds Time and
Requires Machine Resources As Long as the Filter can Keep Up,
Better To Filter Before we Write to Disk
High Performance Capturing
FramesRoot
Capture
Parsed and
Filtered
Capture File
New Behavior – 3.4
Parse and FilteredUsing
Optimized Parser
Only filters with predetermined fields.Fields are fully qualified.i.e Frame.Ethernet.Ipv4.Tcp.Port==8080Standard Filters Available to Learn
Throttle
If High Perf Filtering Can’t Keep Up
We revert to buffering framesOnce we catch up, return to High Perf
Driver Capture Location
Place Driver at Top or Bottom of LWF Stack
Plays Better with other LWF DriversNLBNetwork Emulation Tool (NEWT)
Configured with Registry Setting
HKLM\System\CurrentControlSet\Services\nm3\LoadUpperLayers
Network Monitor 3 Resources Blog: Includes general help topics and
training videos. General Forums: For general questions about
using Network Monitor, Parsing Language, and the API.
Parser Updates: We update approximately monthly, so check frequently for updates.
Experts: Experts perform analysis on trace data directly from the UI.