What's New in Network Monitor 3.4?
User Interface Refresh
Parser Configuration Manager
Column Management
Color Rules
Window Layouts
Separate Capture Dialog
“Live” Experts
Alias Updates
Fixed-Width Font
Parser Configuration Management
Multiple Parser Profiles
Built During Install
Quickly Switch Between Parser Profiles
Ex: Locate traffic with Default Parser, switch to Windows for more detail.
Parser Profiles
[Chart: the Windows, Default, Fast, HPC and Pure profiles plotted by Performance (Slow to Fast) against Parsing Completeness (Shallow to Complete)]
The more detail you get, the slower filtering and loading is.
Parser Profiles
Create New Parser Profile to customize.
Create from existing and automatically include “Network Monitor 3/Parser” directory
The Default is the currently enabled profile
You can also set Active Profile from Parser Profile Button
Parser Profiles
A Parser Profile defines where Network Monitor goes to load parsers
Directory List determines where parser files are loaded from. The first instance of an NPL file is discovered from walking this list.
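The first-instance rule means a file placed in an earlier directory silently overrides a same-named parser later in the list, which is worth auditing before trusting a customized profile. The sketch below is an added example, not Network Monitor code: it models the rule over a constructed directory layout, and the function names, the non-recursive scan and the case-insensitive name comparison are assumptions.

```python
import os
import tempfile

def resolve_npl(directory_list):
    """Walk the ordered directory list; the first instance of each .npl name wins.

    Returns (winners, shadowed): winners maps file name -> path that is loaded,
    shadowed maps file name -> later paths that are never reached.
    """
    winners, shadowed = {}, {}
    for directory in directory_list:
        if not os.path.isdir(directory):
            continue  # a missing entry contributes nothing
        for name in sorted(os.listdir(directory)):
            if not name.lower().endswith(".npl"):
                continue
            key = name.lower()  # assumption: names compare case-insensitively
            path = os.path.join(directory, name)
            if key in winners:
                shadowed.setdefault(key, []).append(path)
            else:
                winners[key] = path
    return winners, shadowed

def build_sample(root):
    """Constructed layout: a customized profile directory ahead of a stock one."""
    layout = {"custom": ["tcp.npl"], "stock": ["tcp.npl", "http.npl"]}
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for f in files:
            with open(os.path.join(root, sub, f), "w") as fh:
                fh.write("// constructed placeholder for " + sub + "\n")
    return [os.path.join(root, "custom"), os.path.join(root, "stock")]

def demo():
    """Resolve the constructed layout and return paths relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        winners, shadowed = resolve_npl(build_sample(root))
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        return ({k: rel(v) for k, v in winners.items()},
                {k: [rel(p) for p in v] for k, v in shadowed.items()})

if __name__ == "__main__":
    print(demo())
```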
Parser Profiles
High Performance Capturing – Primarily used automatically with High Perf Capture Feature. Only parses through TCP.
Faster Parsing – Optimized Parser set with limited parsing, but includes TCP, HTTP, DNS, DHCP
Default – Includes more common parsers including SMB, SMB2 and LDAP
Windows – Includes all Windows Protocol Parsers. Very complete.
Other Parsers Available
SQL Browser
Office and OCS
Be sure to check the following link for latest parser updates
http://www.CodePlex.com/NMParsers
Columns Management
Multiple, Selectable Column Layouts
All Layouts User Customizable
Includes HTTP and TCP Troubleshooter
Auto-Selected Based On Capture Type
See Time Zone UTC for more info
Columns Management
Original Add/Remove Column Unchanged
Columns Button Added
Remove Column by Right Clicking
Columns Management
Column Layout Based on File Type
Applied to Frame Summary Window
All Layouts Can be Modified and Saved
Two Extra Layouts
HTTP Troubleshooter
TCP Troubleshooter
Color Rules
Create via Right Click
Dropdown Button on Frame Summary Bar
Color Rules
Enable/Disable each rule
Append loaded rules to start or end
Load, Save and Distribute Color Rules (.nmcf file)
Priority is configurable, determined by order
Window Layouts
Three Layouts
Each Customizable
Simple
Diagnostic
Developer
Separate Capture Dialog
Windows Moved for more Vertical Space
Combines Capture Filter/Network Selection
Capture Filter, Separate, Floating Window
“Live Experts”
Experts now available with new Captures
Save a SnapShot before calling Expert
Aliases Updates
Auto Applies with Right Click Create Alias
New Aliases Button
Fixed Width Font
Select this option to use fixed width font.
Other New Features
UTC Timestamps
High Resolution Time Stamp
Processing Tracking NMCap
High Performance Capturing
802.11n WiFi and Raw IP Support
Driver Capture Location
API Driver Filtering
API Parser Profiles
UTC Timestamps
[Diagram: a Customer in NY sends a trace and event logs to be analyzed by a Trace Reviewer in LA, who opens Event Viewer + Traces. Clocks across the zones read 11am PST, 12pm MST, 1pm CST, 2 pm EST.]
NM3.3 trace would not match Event Viewer times, NM3.4 will.
UTC Timestamps
Previously Time was Presented Locally
The Time the Capture was Taken
Unadjusted for the Trace Reviewer
Now “Time Date Local Adjusted”
Presents Time in the Reviewer's Context.
Associate with other Time Adjusted Logs
You can revert back to the old way!
UTC Timestamps
Time Date Local Adjusted column for traces taken with 3.4
Switching to NM 3.3 shows Local time column “Time of Day”
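The NY-to-LA scenario above, worked through as an added example (not Network Monitor code): frame times are held as UTC, rendered once as a capture-local "Time of Day" and once as "Time Date Local Adjusted" for the reviewer, then matched against an event log shown in the reviewer's zone. The fixed EST/PST offsets, the date, the event name and the 2-second tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Fixed standard-time offsets for the zones named on the slide (assumption: no DST).
EST = timezone(timedelta(hours=-5), "EST")   # customer in NY
PST = timezone(timedelta(hours=-8), "PST")   # trace reviewer in LA

def time_of_day(frame_utc, capture_tz):
    """3.3-style column: wall clock where the capture was taken, zone dropped."""
    return frame_utc.astimezone(capture_tz).replace(tzinfo=None)

def local_adjusted(frame_utc, reviewer_tz):
    """3.4-style column: the same instant shown in the reviewer's zone."""
    return frame_utc.astimezone(reviewer_tz).replace(tzinfo=None)

def correlate(frame_times, event_times, tolerance=timedelta(seconds=2)):
    """Map each event to the indexes of frames displayed within the tolerance."""
    return {
        name: [i for i, t in enumerate(frame_times) if abs(t - shown) <= tolerance]
        for name, shown in event_times.items()
    }

# Constructed sample: three frames captured in NY around 2 pm EST, stored as UTC.
start = datetime(2010, 1, 15, 14, 0, 0, tzinfo=EST).astimezone(timezone.utc)
frames_utc = [start + timedelta(seconds=s) for s in (0, 30, 61)]

# Constructed sample: one event from the customer's log, as the reviewer's
# machine in LA displays it (converted to the reviewer's local time).
events_utc = {"logon failure": start + timedelta(seconds=31)}
events_shown = {k: local_adjusted(v, PST) for k, v in events_utc.items()}

old_view = [time_of_day(t, EST) for t in frames_utc]      # reads 14:00 in LA
new_view = [local_adjusted(t, PST) for t in frames_utc]   # reads 11:00 in LA

def demo():
    """Return the event-to-frame matches for the 3.3-style and 3.4-style views."""
    return correlate(old_view, events_shown), correlate(new_view, events_shown)

if __name__ == "__main__":
    old, new = demo()
    print("Time of Day matches:            ", old)
    print("Time Date Local Adjusted matches:", new)
```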
UTC Timestamps
Use File, Properties to determine capture file stats, including time zone information.
High Resolution Time Stamp
Now Microsecond Precision
Processing Tracking in NMCap
Previously only Available in UI
NMCap Can Now Capture Process Info!
/CaptureProcesses to Enable
High Performance Capturing
Previous Behavior – 3.3
[Diagram: Frames, Root Capture, Parsed and Filtered, Capture File]
High Performance Capturing
Buffering to Disk adds Time and Requires Machine Resources
As Long as the Filter can Keep Up, Better To Filter Before we Write to Disk
High Performance Capturing
New Behavior – 3.4
If High Perf Filtering Can’t Keep Up
We revert to buffering frames
Once we catch up, return to High Perf
[Diagram: Root Capture, Frames, Throttle, Parse and Filtered Using Optimized Parser, Parsed and Filtered, Capture File]
Only filters with predetermined fields.
Fields are fully qualified.
e.g. Frame.Ethernet.Ipv4.Tcp.Port==8080
Standard Filters Available to Learn
Driver Capture Location
Place Driver at Top or Bottom of LWF Stack
Plays Better with other LWF Drivers
NLB
Network Emulation Tool (NEWT)
Configured with Registry Setting
HKLM\System\CurrentControlSet\Services\nm3\LoadUpperLayers
Network Monitor 3 Resources
Blog: Includes general help topics and training videos.
General Forums: For general questions about using Network Monitor, Parsing Language, and the API.
Parser Updates: We update approximately monthly, so check frequently for updates.
Experts: Experts perform analysis on trace data directly from the UI.