Netmon and netsh trace (Windows Network Analysis)


Netmon

  1. Download and install NetMon.exe on both server and client.
  2. Create a folder, such as "D:\netmon".
    (Make sure it has enough space for log saving.)
  3. Capture the IP and Port Information:
    CMD (run as admin):
    ipconfig /all >D:\netmon\IP.txt
    netstat -abno > D:\netmon\ServerNetstat.txt
  4. Capture the Netmon Trace (network packets):
    1. cd C:\Program Files\Microsoft Network Monitor 3
    2. Option a - Round Robin File (limited to 200 MB; the file is overwritten once it exceeds 200 MB)
      nmcap /network * /capture /file D:\netmon\ServerConnection.cap:200M
    3. Option b - Chained File (a new file is created for every 200 MB)
      nmcap /network * /capture /file D:\netmon\ServerConnection.chn:200M
    4. Option c - Scheduled File
      nmcap /network * /capture /StartWhen /Time 09:00:00 AM 10/28/2021 /StopWhen /Time 11:30:00 AM 10/28/2021 /file D:\netmon\ServerConnection.chn:200M
    5. Option d - Capture network packets from both IPs via the GUI.

Reference: Using the Network Monitor Tool - Windows drivers | Microsoft Docs


Netsh

If Netmon does not work, the netsh command can be used instead:

Open Command Prompt as administrator:

  1. Run the following command to start the collection:
    netsh trace start capture=yes maxsize=2048 tracefile=c:\temp\SQL.etl
    Note: maxsize and tracefile can be changed accordingly.

  2. Then reproduce the issue.
  3. Stop the collection by running the following command:
    netsh trace stop
  4. Create a folder, such as "D:\netmon".
    (Make sure it has enough space for log saving.)
  5. Capture the IP and Port Information:
    CMD (run as admin):
    ipconfig /all >D:\netmon\IP.txt
    netstat -abno > D:\netmon\ServerNetstat.txt
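
The netsh steps above can be run as one script. The following PowerShell is an added example, not part of the original post; it writes the trace into the same folder as the text files and adds a hash listing, and the parameter names, the headroom value and hashes.txt are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. $OutDir, $MaxSizeMB, $HeadroomMB
# and the output file names are assumptions; change them to suit.
param(
    [string]$OutDir     = 'D:\netmon',
    [int]   $MaxSizeMB  = 2048,
    [int]   $HeadroomMB = 1024   # assumed margin for the text files and stop-time output
)
$ErrorActionPreference = 'Stop'

# Step 4: create the folder and confirm the drive can hold a full-size trace.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$freeMB = [math]::Floor((Get-Item $OutDir).PSDrive.Free / 1MB)
if ($freeMB -lt ($MaxSizeMB + $HeadroomMB)) {
    throw "Only $freeMB MB free for $OutDir; need $($MaxSizeMB + $HeadroomMB) MB."
}

# Step 5: record IP and port information before the trace starts.
ipconfig /all | Out-File (Join-Path $OutDir 'IP.txt')
netstat -abno | Out-File (Join-Path $OutDir 'ServerNetstat.txt')

# Step 1: start the collection with the same options the post uses.
$etl = Join-Path $OutDir 'SQL.etl'
netsh trace start capture=yes maxsize=$MaxSizeMB "tracefile=$etl"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

try {
    # Step 2: reproduce the issue while the trace is running.
    Read-Host 'Trace running. Reproduce the issue, then press Enter to stop' | Out-Null
}
finally {
    # Step 3: always stop the trace, even if the script is interrupted.
    netsh trace stop
}

# Record SHA-256 hashes so the files can be checked for changes after hand-off.
$hashes = Get-ChildItem -Path $OutDir -File | Get-FileHash -Algorithm SHA256
$hashes | Format-Table -AutoSize Hash, Path | Out-File (Join-Path $OutDir 'hashes.txt') -Width 300
```

The trace holds captured network traffic, so treat the output folder as sensitive and restrict who can read it.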
