NetWiz – Network Wizard Tool – Online Help
Authors: Roberto Alexis Farah and Yuri Diogenes
Technical Reviewer: Paul Long
Table of Content:
1. Introduction
2. Requirements
3. Getting Start with NetWiz
4. Select Protocols
5. Schedule the Capture
6. Maximum File Size
7. Schedule the Stop
8. Network Interface and File Location
9. Additional Options
10. Script Execution
1. Introduction
In IT scenarios where we have integration between many products, we are challenged everyday to gather the right data at the right time. Troubleshooting often require that the technician get the information that is passing on the wire to be able to understand what is going on during that communication.
With the new release of Network Monitor 3 (for more information check the Network Monitor Blog) we have more power, flexibility and accuracy to grab what we really need to. With the released version we have a new command line version called nmcap, which is much more powerful than the previous command line version.
The NetWiz tool was created, to assist the user in using nmcap and guide him through with a wizard interface. The idea is to take advantage of the powerful command line interface of Network Monitor 3 offering a step by step GUI that will help in learning the command lineas well as on the execution, scheduling and narrowing down of what you really need to capture.
2. Requirements
In order to run NetWiz, your computer needs the following:
· Microsoft Windows XP, 2003 or Vista;
· Microsoft Network Monitor 3;
· Microsoft .Net Framework 2 (or higher);
3. Getting Start with NetWiz
To launch NetWiz execute the file NetWiz.exe and the Welcome Interface will appears. After click in Next the following interface will appear:
Figure 1 – Main elements of NetWiz window.
· Parameters Panel: this panel has the parameters that you can configure for your capture. Every change on this panel will reflect on a parameter change in the nmcap output;
· Selection Summary: summarization summary of the options that you selected on the parameters panel;
· Command Panel: with this panel you have the chance to learn the nmcap’s parameters. The options that you selected on the parameters panel will reflect in the nmcap output and will show up here. You can also just select the output,right click on it, and choose the option copy;
· Wizard’s Page Counter: Your progress during the execution of the wizard;
· Online Help: link to online help at Latam’s Team Blog.
4. Select Protocols
On the second window (show on figure 1) we have the following options:
· All traffic: this option will capture all packets passing through the network interface of the computer;
· All packets received where the protocol is equal to: this option will allow you to choose which protocols you want to capture. To choose the protocols click on the “Select Protocols…” button and the following window will appear:
Figure 2 – Protocol Selection.
On this window you can select some of the more common protocols., You can also choose one or multiple protocols. When you select multiple protocols the OR operator will be used in the nmcap filter parameter.
The last two checkboxes are mutually exclusive, so you cannot select a protocol and one of these two last options.
· All protocols coming from this host (IP Address): you can select this option if you want to filter the capture for traffic coming from one specific host;
· Custom: this option allows you to customize from where and what kind of protocol you want to capture:
Figure 3 – Custom Selection.
On this window we combined the filter by IP or by MAC address. It is also possible to select the source or destination common protocol.
5. Schedule the Capture
The next step on the Wizard is to schedule when you want to start the capture. You can choose the option to run now. This will make the nmcap to run right after the wizard finishes. The other option is to schedule a time and date that you want to start the capture.
The last option is to allow you to choose a trigger to start the capture. Using this option, nmcap will watch the traffic and when it receives a packet with the specification that you choose it will start capturing data:
Figure 4 – Custom Protocol
You need to specify the source or destination IP address that wants to be use to trigger the capture and also the protocol (TCP or UDP) on one specific port.
6. Maximum File Size
By default NetWiz will limit the file size for 100MB. However you can change to a larger. This will make the file grow until you stop the capture. It is important to emphasize that the file will be located on the folder that you will specify on window number six of the Wizard.
7. Schedule Stop
On the schedule stop window you can choose to stop the capture manually using a specific key (case sensitive). You can also specify one date and time or stop the capture with a custom trigger, as presented on item 5.
8. Network Interface / File Location
On this window you can select on what interface will be used to capture the data. All available network interfaces will appear on this panel. There are two situations where this window will appear with blank result:
· If you are using Windows Vista without administrative rights (standard user account)
o This is a security measure on Windows Vista that prevents the Network Monitor and nmcap to shows and bind to the networking interface when logged with a user with lower privileges.
· If you are running NetWiz on a system that doesn’t have Network Monitor 3 installed
o NetWiz uses the parameter /displaynetworks from nmcap command to show the available networks on the system. If Network Monitor 3 is not installed NetWiz will suggest to capture on all available networks.
The file location panel will allow you to specify the location of the output file (CAP).
9. Additional Options
On this page it is possible to disable the conversation feature. This will enhance the performance of nmcap. By default this option is not selected because nmcap uses conversation to group frames that are related to each other at various protocols. Some higher-level protocol filters require conversation properties. For more information check the Microsoft Network Monitor 3 User Guide.
By default NetWiz will configure nmcap to run in local mode only, you can select this check box to enable the promiscuous mode, which means that all frames seen by the computer will be capture.
10. Script Execution
After you click on Finish button and depending on the parameters that you selected, NetWiz will execute a VBS script that calls nmcap with all parameters that were selected. A command prompt window will appear and the capture will start:
Figure 5 – NetWiz Script Window
11. Feedback
Your feedback about the experience with NetWiz is very important for us, please send it to netwiz@microsoft.com.