DOCUMENT:Q232247 10-AUG-2001 [winnt] TITLE :Using Network Monitor to Capture Traffic Using a Remote Agent PRODUCT :Microsoft Windows NT PROD/VER::3.1,3.5,3.51,4.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server versions 3.1, 3.5, 3.51, 4.0 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Windows NT Workstation versions 3.1, 3.5, 3.51, 4.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 Second Edition ------------------------------------------------------------------------------- SUMMARY ======= Microsoft Network Monitor gives you the capability to connect to other computers and capture traffic from another computer. You can do this across a router or a Remote Access Service (RAS) connection. MORE INFORMATION ================ The two primary components of Network Monitor are the Network Monitor Agent and the user interface. The Network Monitor Agent binds to the user interface and passes traffic up to the program. The Network Monitor Agent can run on any compatible computer while the program is running on a separate computer. How to Use Network Monitor Agent on a Second Computer ----------------------------------------------------- On the Network Monitor Agent host computer: 1. Install the Network Monitor Agent (in Control Panel, click Network, click Services, click Add, and then click Network Monitor Agent). 2. In Control Panel, click Services, click Network Monitor Agent, and then click Start. (If you want the Network Monitor Agent to start when the computer starts, click Startup, and then click Automatic.) To connect to a remote Network Monitor Agent: 1. Start Network Monitor. 2. From the Capture menu, click Networks. 3. Click the name of the remote connection, and then click Connect. NOTE: Until you make a connection, this entry is REMOTE. After you make a connection, REMOTE is replaced by the NetBIOS name of the remote computer. 4. In the Agent Name box, specify the name of the agent to which you are connecting. This name is the NetBIOS name of the remote computer. A universal naming convention (UNC) path name is not required. 5. In the User Comment box, click a comment to associate with the agent name you specified. This comment is displayed when users attempt to connect to the Network Monitor Agent. 6. In the Agent Status Update Frequency dialog box, specify the frequency (in seconds), in which you want the statistics from the remote capture displayed on your local computer. This number must be between 1-65 (the default is 2). 7. Click the Slow Link option. This option extends the period of time that your connection can be idle before Network Monitor concludes that the connection is unsuccessful and disconnects from the Network Monitor Agent. This option is recommended for all asynchronous connections. 8. Click Connect. If the Network Monitor Agent on the remote computer is password protected, you are prompted to type a password. If the Network Monitor Agent is running on a computer with only one network adapter installed, Network Monitor connects to that network adapter. If the Network Monitor Agent is installed on a computer that is multihomed, a dialog box that lists the network adapters installed is displayed. An asterisk appears next to the network adapter that Network Monitor used to make the connection to the remote computer. This network adapter is connected to the same network segment to which you are connected. Unless you want to capture statistics from your own your local network segment, you should select one of the other network adapters that is displayed. 9. Click Capture/Start to begin capturing data. REFERENCES ========== For additional information, please see the following article in the Microsoft Knowledge Base: Q148942 How to Capture Network Traffic with Network Monitor Additional query words: netmon nm bh bloodhound sniff trace ====================================================================== Keywords : Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT350search kbWinNT400search kbWinNTW350 kbWinNTW350search kbWinNTW351search kbWinNTW351 kbWinNTW310 kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS350 kbWinNTS310 kbWinNTS351search kbWinNTS350search kbWinNTS310search kbWin95search kbWin98search kbWin98SEsearch kbWinNT310Search kbWinNTW310Search kbZNotKeyword3 kbWin98 kbWin98SE Version : :3.1,3.5,3.51,4.0 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.