What's New in Network Monitor 3.4?


User Interface Refresh
Parser Configuration Manager
 Column Management
 Color Rules
 Window Layouts
 Separate Capture Dialog
 “Live” Experts
 Alias Updates
 Fixed-Width Font

Parser Configuration Management
Multiple Parser Profiles
 Built During Install
 Quickly Switch Between Parser Profiles

 Ex: Locate traffic with Default Parser, switch to Windows for more detail.
Parser Profiles
[Chart: parser profiles (Windows, Default, Fast, HPC, Pure) plotted by Performance (Slow to Fast) against Parsing Completeness (Shallow to Complete)]
The more detail you get, the slower filtering and loading is.
Parser Profiles
Create New Parser Profile to customize.
Create from existing and automatically include “Network Monitor 3/Parser” directory.
The Default is the currently enabled profile.
You can also set Active Profile from Parser Profile Button.
Parser Profiles

A Parser Profile defines where Network Monitor goes to load parsers.
Directory List determines where parser files are loaded from. The first instance of an NPL file is discovered from walking this list.
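The first-match lookup over the Directory List described above, as an added example that is not part of the original slides or Network Monitor's own code: it reports which directory supplies each NPL file and which later copies are shadowed. The function names, the case-insensitive name comparison, the non-recursive scan and the sample directories are assumptions made for illustration.

```python
import os
import tempfile


def resolve_parsers(directory_list):
    """Walk directory_list in order; the first directory holding a given
    .npl file name wins, later copies are recorded as shadowed."""
    winners = {}   # lower-cased file name -> path that would be loaded
    shadowed = {}  # lower-cased file name -> later paths that are ignored
    for directory in directory_list:
        if not os.path.isdir(directory):
            continue  # a missing entry contributes nothing
        for name in sorted(os.listdir(directory)):
            if not name.lower().endswith(".npl"):
                continue
            path = os.path.join(directory, name)
            key = name.lower()  # assumption: names compare case-insensitively
            if key in winners:
                shadowed.setdefault(key, []).append(path)
            else:
                winners[key] = path
    return winners, shadowed


def demo():
    """Constructed sample: a custom directory listed ahead of a stock one."""
    with tempfile.TemporaryDirectory() as root:
        custom = os.path.join(root, "custom")
        stock = os.path.join(root, "stock")
        for directory, names in ((custom, ["tcp.npl"]),
                                 (stock, ["tcp.npl", "http.npl"])):
            os.makedirs(directory)
            for name in names:
                with open(os.path.join(directory, name), "w") as handle:
                    handle.write("// constructed placeholder\n")
        search = [custom, os.path.join(root, "missing"), stock]
        winners, shadowed = resolve_parsers(search)
        # Reduce paths to directory names so the result ignores the temp path.
        source = {k: os.path.basename(os.path.dirname(v))
                  for k, v in winners.items()}
        hidden = {k: [os.path.basename(os.path.dirname(p)) for p in v]
                  for k, v in shadowed.items()}
        return source, hidden


if __name__ == "__main__":
    print(demo())
```

A shadowed entry that nobody expected is worth reviewing, since the copy earlier in the list is the one that decides how that protocol is parsed.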
Parser Profiles

High Performance Capturing – Primarily used automatically with High Perf Capture Feature. Only parse through TCP.
Faster Parsing – Optimized Parser set with limited parsing, but includes TCP, HTTP, DNS, DHCP.
Default – Includes more common parsers including SMB, SMB2 and LDAP.
Windows – Includes all Windows Protocol Parsers. Very complete.
Other Parsers Available
 SQL Browser
 Office and OCS
Be sure to check the following link for latest parser updates
http://www.CodePlex.com/NMParsers
Columns Management
Multiple, Selectable Column Layouts
 All Layouts User Customizable
 Includes HTTP and TCP Troubleshooter
 Auto-Selected Based On Capture Type

 See Time Zone UTC for more info
Columns Management
Original Add/Remove Column Unchanged
 Columns Button Added
 Remove Column by Right Clicking

Columns Management
Column Layout Based on File Type
 Applied to Frame Summary Window
 All Layouts Can be Modified and Saved
 Two Extra Layouts

 HTTP Troubleshooter
 TCP Troubleshooter
Color Rules
Create via Right Click
 Dropdown Button on Frame Summary Bar


Color Rules
Enable/Disable each rule
Append loaded rules to start or end
Load, Save and Distribute Color Rules (.nmcf file)
Priority is configurable, determined by order
Windows Layouts
Three Layouts
 Each Customizable

Simple
Diagnostic
Developer
Separate Capture Dialog
Windows Moved for more Vertical Space
 Combines Capture Filter/Network Selection
 Capture Filter, Separate, Floating Window

“Live Experts”
Experts now available with new Captures
 Save a SnapShot before calling Expert

Aliases Updates
Auto Applies with Right Click Create Alias
 New Aliases Button

Fixed Width Font
Select this option to use fixed width font.
[Screenshots: Before and After]
Other New Features
UTC Timestamps
 High Resolution Time Stamp
 Processing Tracking NMCap
 High Performance Capturing
 802.11n WiFi and Raw IP Support
 Driver Capture Location
 API Driver Filtering
 API Parser Profiles

UTC Timestamps
[Diagram: the same moment across time zones: 11am PST, 12pm MST, 1pm CST, 2 pm EST]
Customer in NY: Sends a trace and event logs to be analyzed
Trace Reviewer in LA
Event Viewer + Traces
NM3.3 trace would not match Event Viewer times, NM3.4 will.
UTC Timestamps

Previously Time was Presented Locally
 The Time the Capture was Taken
 Unadjusted for the Trace Reviewer

Now “Time Date Local Adjusted”
 Presents Time in the Reviewer's Context.
 Associate with other Time Adjusted Logs

You can revert back to old way!
UTC Timestamps
Time Date Local Adjusted column for traces taken with 3.4
Switching to NM 3.3 shows Local time column “Time of Day”
UTC Timestamps
Use File, Properties to determine capture file stats, including time zone information.
High Resolution Time Stamp

Now Microsecond Precision
Processing Tracking in NMCap
Previously only Available in UI
 NMCap Can Now Capture Process Info!
 /CaptureProcesses to Enable

High Performance Capturing
Previous Behavior – 3.3
[Diagram stages: Frames, Root Capture, Parsed and Filtered, Capture File]
High Performance Capturing
Buffering to Disk adds Time and Requires Machine Resources
 As Long as the Filter can Keep Up, Better To Filter Before we Write to Disk

High Performance Capturing
New Behavior – 3.4
[Diagram stages: Root Capture, Frames, Throttle, Parse and Filtered Using Optimized Parser, Parsed and Filtered, Capture File]
If High Perf Filtering Can’t Keep Up, we revert to buffering frames.
Once we catch up, return to High Perf.
Only filters with predetermined fields.
Fields are fully qualified, e.g. Frame.Ethernet.Ipv4.Tcp.Port==8080
Standard Filters Available to Learn
Driver Capture Location
Place Driver at Top or Bottom of LWF Stack
 Plays Better with other LWF Drivers

 NLB
 Network Emulation Tool (NEWT)

Configured with Registry Setting
HKLM\System\CurrentControlSet\Services\nm3\LoadUpperLayers
Network Monitor 3 Resources
 Blog: Includes general help topics and training videos.
 General Forums: For general questions about using Network Monitor, Parsing Language, and the API.
 Parser Updates: We update approximately monthly, so check frequently for updates.
 Experts: Experts perform analysis on trace data directly from the UI.
