How to capture network traffic with Microsoft Network Monitor

When investigating network-related problems, you can use the Microsoft Network Monitor tool to capture, view and analyze network traffic. It is a powerful protocol analyzer. This post is based on the latest release: Network Monitor 3.3.

  1. Download the tool from here and install it on the machine where you want to run the capture. That machine should be a partner in the network conversation. Double-click to run the tool.
  2. In the upper-left panel, click on “Create: New capture tab…”. A new capture tab opens.
  3. In the right-hand “Select Networks” view, select the network adaptor that you want to capture on. You can select more than one.
  4. Click the “Start” icon on the toolbar, or press F5, to start capturing. The “Frame Summary” view is populated with new frames as they arrive.
  5. When the data you are interested in has been collected, stop tracing by clicking the “Stop” icon on the toolbar, or by pressing F7.
  6. Go to File -> Save As to save the captured frames. Besides the file path, you can also choose what is saved by using the “Frame selection” list.

Tips:

  • How to view and analyze the Network Monitor trace is not covered by this post. You can find “Related Resources” on the Network Monitor download page.
  • A good practice is to capture with no filters and save “All captured frames” to avoid missing anything useful in the trace, unless you know for certain that you are interested in only a specific part of the trace.
  • If the traffic you are interested in goes over a VPN, make sure “WAN Miniport” is selected in step 3 above.
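
Steps 2 to 6 and the no-filter tip above can also be scripted with nmcap.exe, the command-line capture tool that is installed alongside Network Monitor 3.x. The script below is an added example, not part of the original post; the install path, the output folder, the five-minute duration and the 500 MB size limit are assumptions to adjust.

```powershell
# Added example: unattended equivalent of the GUI capture steps, using nmcap.exe.
# Assumed values (not from the original post): install path, output folder,
# capture duration and file size limit.
$nmcap   = Join-Path $env:ProgramFiles 'Microsoft Network Monitor 3\nmcap.exe'
$outDir  = 'C:\Traces'
$minutes = 5
$maxSize = '500M'

if (-not (Test-Path $nmcap)) {
    throw "nmcap.exe not found at $nmcap; adjust the path to your install."
}
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# One file per run, named by host and start time, so earlier traces are kept.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = Join-Path $outDir "$env:COMPUTERNAME-$stamp.cap"

$nmcapArgs = @(
    '/network', '*'                  # capture on all adapters (step 3)
    '/capture'                       # no filter expression: keep every frame
    '/file', "${outFile}:$maxSize"   # output path with a size limit
    '/stopwhen', '/timeafter', $minutes, 'min'   # stop automatically
)
& $nmcap @nmcapArgs

# Confirm that a trace was actually written before relying on it.
$trace = Get-Item $outFile -ErrorAction SilentlyContinue
if (-not $trace -or $trace.Length -eq 0) {
    throw "No capture data was written to $outFile"
}

# Record a hash so the trace can be shown to be unmodified when it is shared.
# Get-FileHash requires PowerShell 4.0 or later.
Get-FileHash $outFile -Algorithm SHA256 | Format-List Path, Hash
```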

You can also check out some other useful network sniffers like Fiddler and Wireshark.