After 2 years of development, Microsoft has released a completely new version of its protocol analysis tool, "Network Monitor". The Windows x86 and x64 versions are both available from Microsoft Connect (sign-up required).
Key features of Microsoft Network Monitor 3.0 (NetMon3) include:
- A simpler user interface
  o A start page with tips and news
  o Customizable windows and layout
  o Text zoom on a per-window basis
  o Ability to view selected frames in a new window
  o IntelliSense for filtering, which makes creating filters easier
  o Aliases to map names to IP addresses
- Near-real-time capture and display of network packets on multiple NICs at the same time
- Multiple simultaneous capture and display filters
- Promiscuous and Local mode only capturing options
- Display Filters can use different machine network settings to customize the displayed frames. E.g. IPv4.Address == IPCONFIG.LocalIPv4Address (this display filter will show different frames for the same capture file based on the local machine's IPv4 address)
- Conversations: A conversation is a logical group of frames that are related to each other at a specific protocol level.
  o Conversation Tree lets you narrow down traffic more easily
  o Conversations for more than just TCP, so you can "Follow" any conversation stream
  o Conversations are NOT limited to "connection-oriented" protocols such as TCP.
- Color filters: display frames that have specified properties in a different color and with different format options
- Windows Vista and 64-bit support (for AMD64 and Intel EM64T platforms)
- Re-assembly of frames on a per-protocol basis
- Multi-threaded so you can still use the parser while loading a capture or filtering
- Powerful command line capturing (NMCap.exe)
- Script-based parsers! NPL (Network Parsing Language) provides access to parsers so you can edit or write your own protocol parser!
Additional Resources:
- Network Monitor Team Blog
- Network Monitor Newsgroup "betanews.microsoft.com" (create ID & Password when downloading)