NMCAP – A NETMON 3.3 COMMAND LINE CAPTURE TOOL

This is an informational post to spread awareness about a new command line tool called NMCAP, which is available with NETMON 3.3. It is a handy command line tool that can do almost everything that can be done with the NETMON 3.3 UI. Despite being highly capable of capturing all kinds of network traffic, NMCAP uses minimal resources on production systems when compared to the NETMON 3.3 UI.

In scenarios where load is something to consider, use NMCAP to capture network data.

Some of the features of NMCAP:

—Highest Capture Performance

—/Examples for Help

—Can Run for Days with No Problems

—Circular and Chain Capture Support

—Automatable

Example Usage:
  Example 1:

This example starts capturing all TCP frames and saves them in a capture file named tcp.cap. To stop capturing, press Control+C.

nmcap /network * /capture tcp /File tcp.cap

  Example 2:

This example starts capturing network frames at 3:17 PM on January 31, 2010. It captures all the HTTP frames that contain the keyword "localhost" in the URI property of the HTTP protocol. The size of each capture file will not exceed 6 megabytes, and the tool will create chained capture files named HTTP.cap, HTTP(1).cap, HTTP(2).cap. If the user presses x at any time during this capture, the program will terminate; otherwise the capture will stop 10 minutes after it has begun.

nmcap /network * /startwhen /time 3:17:00PM 01/31/10 /capture contains(HTTP.Request.URI,'localhost') /file HTTP.chn:6M /stopwhen /timeafter 10Min /TerminateWhen /KeyPress x

NMCAP is easily scriptable in a batch file, which makes the tool highly automatable. Pre-configured batch files can even be provided to the customer to capture network data from production servers.

For more information on NMCAP, check out the following link:
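
A batch file of the kind described above, as an added example that is not from the original post or from Microsoft. It uses only the switches shown in Example 1 and Example 2; the output directory C:\captures, the 50M chain file size and the 30Min time limit are assumed values.

```batch
@echo off
rem Added example: time-boxed chained NMCAP capture for a production server.
rem Only switches shown in the examples above are used.
rem CAPDIR, the 50M chain size and the 30Min limit are assumed values; adjust them.
setlocal

set "CAPDIR=C:\captures"
set "CAPNAME=%COMPUTERNAME%_tcp"

rem Stop early if nmcap.exe cannot be found on PATH.
where nmcap >nul 2>&1
if errorlevel 1 (
    echo nmcap.exe not found on PATH.
    exit /b 1
)

rem Create the output directory. The path is passed to nmcap unquoted, so keep it free of spaces.
if not exist "%CAPDIR%\" mkdir "%CAPDIR%"
if not exist "%CAPDIR%\" (
    echo Cannot create %CAPDIR%
    exit /b 1
)

echo Capturing TCP frames for up to 30 minutes. Press x to stop early.
nmcap /network * /capture tcp /file %CAPDIR%\%CAPNAME%.chn:50M /stopwhen /timeafter 30Min /TerminateWhen /KeyPress x
set "RC=%ERRORLEVEL%"

rem List the chained files so they can be collected for analysis.
echo nmcap exited with code %RC%. Capture files:
dir /b "%CAPDIR%\%CAPNAME%*.cap"

endlocal & exit /b %RC%
```

The time limit and the size cap per chained file keep an unattended capture from running on or writing one unbounded file on the server.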

https://blogs.technet.com/netmon/archive/2006/10/24/nmcap-the-easy-way-to-automate-capturing.aspx

Hope this helps.