Event Tracing for Windows and Network Monitor
Event Tracing for Windows (ETW) has been around for quite a while now, as it was introduced in Windows 2000. It's basically instrumented logging that describes what a component is doing. Conceptually,...
Windows 7 and ISA Remote Windows Sockets Parsers Available
If you don't already know, we have been updating our parsers for Network Monitor on http://www.CodePlex.com/NMParsers every month. Most recently we have updated the Windows parser set to support...
Circling In Shark Waters
Last week I attended Sharkfest 09 at Stanford CA and I had a wonderful time. It was great to talk to other network geeks like me to better understand this community and see how various tools can be...
TCP Analyzer Expert: Make Your Network Run Faster
Performance problems suck...time! But years of "Where's Waldo" has trained our brains in preparation for this moment. The TCP Analyzer expert, available from our Experts Download Page[...
I Can't View My Windows Home Server at Home
I have a friend who just received his Windows Home Server. Home Server allows you to access it remotely so you can share photos, Remote Desktop and backup documents. The provided documentation includes...
Chained Captures and Stitching Them Back Together
When you use NMCap to capture data you have an option to save the capture files as a chain. As the current capture file format has a limited size, this option allows you to continually capture the data...
Delayed Write Failure Trace Study
In this "Trace Study", we'll look at a case where the customer is seeing delayed write failures logged in the event log. Delayed write failures are reported when a file being written over the network...
SMB Opportunistic Locking Behavior
Behold the mysterious world of OpLocks (Opportunistic Locking). Often OpLocks will be disabled by a user or system administrator in order to help address a performance problem. And this practice might...
Using NMAPI to Access TCP Payload
The TCP Payload often carries data that you want to access directly using the Network Monitor API. Below I will detail how to do this using a simple C++ example and the NMAPI. Why Not add a TCP.Payload...
Network Monitor Videos on Channel 9
We posted some videos to Channel 9 in the last 6 months or so, and I wanted to let everybody know about them. We have one set of videos that provide some insight into the Network Monitor API and...
Reassembling Packets with the Network Monitor API
Network traffic by nature is fragmented. Limits of various network packet sizes force protocols to chop up data into multiple frames. When you capture data or read it from a trace with the API (NMAPI)...
Adapters Are Missing After Upgrading to Windows 7
If you have just upgraded to Windows 7, you might notice that you no longer see any adapters listed in your Select Networks selection. There is a very simple way to fix this problem. First run CMD as...
When You Can't Save Frames From the UI
You might have run into an occasion when doing a capture from the UI that you are unable to save your capture. You might receive a message like "Not enough storage is available to process this...
No Frames Captured Due to Disk Quota
In certain instances, you start a capture and no frames are captured. Or perhaps the UI suddenly stops displaying new frames. The display doesn't indicate any dropped frames and you've already verified...
Capturing a Trace at Boot Up
Capturing a trace during a boot is a common task that can be difficult to accomplish. In fact the most foolproof way to capture all traffic at boot is to capture the traffic from a 3rd party capturing...
Annotated Traces for Windows System Behavior
Microsoft publishes protocol documentation on MSDN that is intended to make it easier for others to develop interoperable implementations. “System Documents” provide overviews of system behavior for...
Measuring Response Times
It's often useful to understand how long it takes for a request to get responded to. This helps you gauge how well a client or server is keeping up. This type of measurement can also be done at...
Expert to Decrypt TLS/SSL Traffic
One of the most popular requests we've had is to provide a way to view encrypted traffic. The new Decryption expert aims to solve this problem for TLS/SSL traffic. Using the Decryption Expert The...
Network Monitor Parsers and the CodePlex Foundation
The Network Monitor Parser project is now part of the Systems Infrastructure & Integration Gallery of the CodePlex Foundation. The CodePlex Foundation will now be responsible for further...
Office Parsers Available
A new set of parsers for decoding office protocols is now available on the download center. These parsers represent the protocols described by the documents in the MSDN Open Specifications for Office....