How to install and use Network Monitor

  
With the release of Windows 7, you no longer need to look for a third-party vendor's network monitoring program. Windows 7 itself provides a very good network monitor. Let's take a look at using Network Monitor in Windows 7.
1. Network data flow
Network Monitor monitors the network data stream, which is composed of all the information transmitted through the network at any given time. Information is split into smaller blocks by network software before transmission, and these small blocks are called frames or packets.
Some frames contain data that Network Monitor can use to troubleshoot network problems. For example, by examining the destination address, you can determine whether a frame is a broadcast frame, which all hosts must receive and process, or a directed frame sent to a designated host. By analyzing the frame, you can determine exactly what caused it, which helps you decide whether the service that produced that frame type can be optimized.
2. Capturing network data
The process by which Network Monitor copies frames is called capture. You can capture all network traffic sent to or from the local network card, or you can set a capture filter to capture only a subset of frames. You can also specify a set of conditions that trigger an event in a Network Monitor capture filter. By using triggers, Network Monitor can respond to events on the network.
If you want to capture frames from a specific computer on the network, specify one or more address pairs in the capture filter. You can monitor up to four specific address pairs simultaneously. The address pair consists of the following parts:
(1) The addresses of the two computers whose communication you want to monitor.
(2) An arrow specifying the direction of communication that you want to monitor.
3. Installing and using Network Monitor
Use Network Monitor to capture and display frames (also called packets) received from a local area network (LAN) by a computer running Windows 7. Network administrators can use Network Monitor to detect and resolve network problems that may be encountered on the local computer. Network Monitor needs the following three parts to work properly:
(1) Network Monitor components: These consist of the Network Monitor management tool and the Network Monitor Driver network protocol. You must install all of these components.
(2) Network Monitor: Use Network Monitor to capture and display the data frames received from the LAN by the computer running Windows 7.
(3) Network Monitor Driver: The Network Monitor Driver allows Network Monitor to receive frames from the network card, and allows users of the Network Monitor version provided with Microsoft Systems Management Server to capture and display frames from remote computers. This includes frames obtained through a dial-up network connection.
Now that we understand the basics of Network Monitor, we can put it to work.
(1) Design Capture Filters
To design a capture filter, specify a decision statement in the "Capture Filter" dialog box. This dialog shows the decision tree for the filter, which is a graphical representation of the filter logic. The decision tree reflects these specifications when you include or exclude information from the capture specification.
(2) Filter by Protocol
To capture frames sent using a specific protocol, specify the protocol on the SAP/ETYPE line of the capture filter. For example, if you want to capture only IP frames, disable all protocols and then enable IP ETYPE 0x800 and IP SAP 0x6. By default, all protocols supported by Network Monitor are enabled.
(3) Filter by address
Assume the network has two computers named YH and Anne. To capture all communications from the YH computer (except for communication from YH to Anne), use the following capture filter address part:

Addresses
    include YH <--> Any
    exclude YH <--> Anne

If there is no Include line, your_computer <--> Any is used by default.

If you want to capture the frames sent over a certain period of time, select the "Start" option in the "Capture" menu, and when you want to end the capture, click the "Stop" button. All the network communication during that period has now been recorded. To take a look at it, click the "Capture" option and select the "Captured Data" option, and the captured frames will appear. Here you can clearly see the time each frame was captured, the source MAC address, the destination MAC address, the protocol used, the other source address, the other destination address, and the other address type.
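
The protocol and address filters described above can be modelled in a few lines. The following Python sketch is an added example, not part of Network Monitor or of the original article: it parses Ethernet II headers, flags broadcast frames, and applies the IP ETYPE 0x800 filter together with the include/exclude address pairs for YH and Anne. The MAC addresses and frames are constructed sample data, the function names are hypothetical, and the IP SAP 0x6 (802.2 LLC) case is not handled.

```python
import struct

BROADCAST = b"\xff" * 6
ANY = None  # wildcard address, as in "YH <--> Any"
# Constructed sample data: locally administered MACs standing in for the page's hosts.
YH, ANNE, OTHER = (bytes.fromhex("0200000000" + n) for n in ("01", "02", "03"))

def parse_frame(raw):
    """Split an Ethernet II frame into destination MAC, source MAC and EtherType."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", raw[:14])
    return {"dst": dst, "src": src, "etype": etype, "broadcast": dst == BROADCAST}

def pair_matches(pair, src, dst):
    """pair = (addr1, arrow, addr2); arrow is '<-->', '-->' or '<--'."""
    a, arrow, b = pair
    same = lambda want, got: want is ANY or want == got
    forward = same(a, src) and same(b, dst)    # addr1 sends to addr2
    backward = same(b, src) and same(a, dst)   # addr2 sends to addr1
    return {"-->": forward, "<--": backward, "<-->": forward or backward}[arrow]

def capture(frame, etypes, include, exclude):
    """Return True if the frame passes the protocol and address parts of the filter."""
    if frame["etype"] not in etypes:
        return False
    if any(pair_matches(p, frame["src"], frame["dst"]) for p in exclude):
        return False  # an exclude match wins, as the YH/Anne example implies
    return any(pair_matches(p, frame["src"], frame["dst"]) for p in include)

def eth(dst, src, etype, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame for the demonstration."""
    return dst + src + struct.pack("!H", etype) + payload

INCLUDE = [(YH, "<-->", ANY)]
EXCLUDE = [(YH, "<-->", ANNE)]
SAMPLES = [
    eth(OTHER, YH, 0x0800),      # YH -> other host, IP: captured
    eth(ANNE, YH, 0x0800),       # YH -> Anne: excluded
    eth(YH, ANNE, 0x0800),       # Anne -> YH: excluded (arrow is bidirectional)
    eth(BROADCAST, YH, 0x0806),  # YH ARP broadcast: fails the 0x800 protocol filter
    eth(BROADCAST, YH, 0x0800),  # YH IP broadcast: captured
    eth(ANNE, OTHER, 0x0800),    # other -> Anne: matches no include pair
]

def run_filter(raw_frames):
    return [capture(parse_frame(r), {0x0800}, INCLUDE, EXCLUDE) for r in raw_frames]

print(run_filter(SAMPLES))
```
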
(4) Filtering through data patterns
By specifying pattern matching in the capture filter, you can limit the capture to only those frames that contain a specific pattern of ASCII or hexadecimal data.
(5) Using Display Filters
Like a capture filter, a display filter works like a database query, allowing you to select specific types of information. The difference is that a display filter operates on data that has already been captured, so it does not affect the contents of the Network Monitor capture buffer. Use a display filter to determine which frames are displayed.
(6) Display captured data
Network Monitor simplifies the data analysis process by interpreting the raw data collected during the capture process and displaying the data in the "frame viewer" window.
