What’s New in Network Monitor 3.4?
User Interface Refresh
Parser Configuration Manager
Column Management
Color Rules
Window Layouts
Separate Capture Dialog
“Live” Experts
Alias Updates
Fixed-Width Font
Parser Configuration Management
Multiple Parser Profiles Built During Install
Quickly Switch Between Parser Profiles
Ex: Locate traffic with Default Parser, switch to Windows for more detail.
Parser Profiles
[Chart: the Pure, Default, Fast, Windows and HPC profiles placed by Parsing Completeness (Shallow to Complete) and Performance (Fast to Slow)]
The more detail you get, the slower filtering and loading is.
Parser Profiles
The Default is the currently enabled profile
You can also set Active Profile from Parser Profile Button
Create New Parser Profile to customize.
Create from existing and automatically include “Network Monitor 3/Parser” directory
Parser Profiles
A Parser Profile defines where Network Monitor goes to load parsers.
Directory List determines where parser files are loaded from. The first instance of an NPL file is discovered from walking this list.
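
The first-match rule above means a parser file in an earlier directory silently overrides a same-named file later in the list. The following added example (not Network Monitor code) models that lookup so the winning and shadowed copies can be audited; the directory names, the case-insensitive name comparison and the non-recursive walk are assumptions.

```python
import os
import tempfile


def resolve_parsers(directory_list):
    """Walk the directory list in order; the first copy of each .npl file wins.

    Returns (loaded, shadowed): loaded maps lowercase file name -> path used;
    shadowed lists (ignored_path, winning_path) pairs.
    Assumptions: names compare case-insensitively and directories are not
    searched recursively.
    """
    loaded, shadowed = {}, []
    for directory in directory_list:
        for name in sorted(os.listdir(directory)):
            if not name.lower().endswith(".npl"):
                continue
            path = os.path.join(directory, name)
            key = name.lower()
            if key in loaded:
                shadowed.append((path, loaded[key]))
            else:
                loaded[key] = path
    return loaded, shadowed


def build_sample_profile(root):
    """Constructed sample: a custom directory listed ahead of a stock one."""
    custom = os.path.join(root, "MyParsers")   # hypothetical directory name
    stock = os.path.join(root, "Parser")       # hypothetical directory name
    for directory, names in ((custom, ["tcp.npl"]), (stock, ["TCP.npl", "http.npl"])):
        os.makedirs(directory)
        for name in names:
            with open(os.path.join(directory, name), "w") as handle:
                handle.write("constructed placeholder, not real NPL\n")
    return [custom, stock]


def demo():
    """Resolve the sample profile and return paths relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        loaded, shadowed = resolve_parsers(build_sample_profile(root))
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        return ({k: rel(v) for k, v in loaded.items()},
                [(rel(a), rel(b)) for a, b in shadowed])


if __name__ == "__main__":
    print(demo())
```
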
Parser Profiles
Other Parsers Available
SQL Browser
Office and OCS
Be sure to check the following link for latest parser updates: http://www.CodePlex.com/NMParsers
High Performance Capturing – Primarily used automatically with the High Perf Capture feature. Only parses through TCP.
Faster Parsing – Optimized parser set with limited parsing, but includes TCP, HTTP, DNS, DHCP.
Default – Includes more common parsers, including SMB, SMB2 and LDAP.
Windows – Includes all Windows protocol parsers. Very complete.
Columns Management
Multiple, Selectable Column Layouts
All Layouts User Customizable
Includes HTTP and TCP Troubleshooter
Auto-Selected Based On Capture Type
See Time Zone UTC for more info
Columns Management
Columns Management
Original Add/Remove Column Unchanged
Columns Button Added
Remove Column by Right Clicking
Columns Management
Column Layout Based on File Type
Applied to Frame Summary Window
All Layouts Can be Modified and Saved
Two Extra Layouts
HTTP Troubleshooter
TCP Troubleshooter
Color Rules
Create via Right Click
Dropdown Button on Frame Summary Bar
Color Rules
Load, Save and Distribute Color Rules (.nmcf file)
Enable/Disable each rule
Append loaded rules to start or end
Priority is configurable, determined by order
Windows Layouts
Three Layouts
Each Customizable
Simple
Diagnostic
Developer
Separate Capture Dialog
Windows Moved for more Vertical Space
Combines Capture Filter/Network Selection
Capture Filter, Separate, Floating Window
“Live Experts”
Experts now available with new Captures
Save a SnapShot before calling Expert
Aliases Updates
Auto Applies with Right Click Create Alias
New Aliases Button
Fixed Width Font
Select this option to use fixed width font.
Before:
After:
Other New Features
UTC Timestamps
High Resolution Time Stamp
Processing Tracking NMCap
High Performance Capturing
802.11n WiFi and Raw IP Support
Driver Capture Location
API Driver Filtering
API Parser Profiles
UTC Timestamps
Customer in NY sends a trace and event logs (Event Viewer + Traces) to be analyzed by a Trace Reviewer in LA.
2 pm EST = 1 pm CST = 12 pm MST = 11 am PST
NM3.3 trace would not match Event Viewer times, NM3.4 will.
UTC Timestamps
Previously Time was Presented Locally
The Time the Capture was Taken
Unadjusted for the Trace Reviewer
Now “Time Date Local Adjusted” Presents Time in the Reviewer's Context.
Associate with other Time Adjusted Logs
You can revert back to the old way!
UTC Timestamps
Time Date Local Adjusted column for traces taken with 3.4
Switching to NM 3.3 shows Local time column “Time of Day”
UTC Timestamps
Use File, Properties to determine capture file stats, including time zone information.
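
The NY/LA scenario from the UTC Timestamps slides, as an added example (a model of the described behavior, not Network Monitor code): a frame shown in capture-local time fails to line up with an event log entry shown in the reviewer's zone, while a UTC-based, reviewer-adjusted time does. The date, the two-second tolerance and the function names are assumptions; the fixed EST and PST offsets follow the slide.

```python
from datetime import datetime, timedelta, timezone

EST = timezone(timedelta(hours=-5), "EST")   # customer in NY
PST = timezone(timedelta(hours=-8), "PST")   # trace reviewer in LA


def nm33_time(frame_utc, capture_tz):
    """3.3 as the slides describe it: capture-machine local time, unadjusted."""
    return frame_utc.astimezone(capture_tz).replace(tzinfo=None)


def adjusted_time(stamp_utc, reviewer_tz):
    """'Time Date Local Adjusted': the same instant in the reviewer's zone."""
    return stamp_utc.astimezone(reviewer_tz).replace(tzinfo=None)


def correlate(frame_times, event_times, tolerance=timedelta(seconds=2)):
    """Pair each event with frames whose displayed time is within tolerance."""
    return [(e, f) for e in event_times for f in frame_times
            if abs(e - f) <= tolerance]


# Constructed sample: one frame and one event log entry, one second apart,
# both recorded on the customer's machine at about 2 pm EST.
FRAME_UTC = datetime(2010, 1, 15, 14, 0, 0, tzinfo=EST).astimezone(timezone.utc)
EVENT_UTC = FRAME_UTC + timedelta(seconds=1)


def reviewer_view():
    """Return (matches with 3.3-style time, matches with adjusted time)."""
    event_shown = adjusted_time(EVENT_UTC, PST)      # event log in LA time
    old = correlate([nm33_time(FRAME_UTC, EST)], [event_shown])
    new = correlate([adjusted_time(FRAME_UTC, PST)], [event_shown])
    return old, new


if __name__ == "__main__":
    print(reviewer_view())
```
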
High Resolution Time Stamp
Now Microsecond Precision
NM3.4
NM3.3
Processing Tracking in NMCap
Previously only Available in UI
NMCap Can Now Capture Process Info!
/CaptureProcesses to Enable
High Performance Capturing
Previous Behavior – 3.3
[Diagram labels: Frames, Root Capture, Parsed and Filtered, Capture File]
Frames Back Up
High Performance Capturing
Buffering to Disk adds Time and Requires Machine Resources
As Long as the Filter can Keep Up, Better To Filter Before we Write to Disk
High Performance Capturing
New Behavior – 3.4
[Diagram labels: Frames, Root Capture, Parsed and Filtered, Capture File, Parse and Filtered Using Optimized Parser]
Only filters with predetermined fields.
Fields are fully qualified, i.e. Frame.Ethernet.Ipv4.Tcp.Port==8080
Standard Filters Available to Learn
Throttle
If High Perf Filtering Can’t Keep Up, we revert to buffering frames.
Once we catch up, return to High Perf.
Driver Capture Location
Place Driver at Top or Bottom of LWF Stack
Plays Better with other LWF Drivers
NLB
Network Emulation Tool (NEWT)
Configured with Registry Setting
HKLM\System\CurrentControlSet\Services\nm3\LoadUpperLayers
Network Monitor 3 Resources
Blog: Includes general help topics and training videos.
General Forums: For general questions about using Network Monitor, Parsing Language, and the API.
Parser Updates: We update approximately monthly, so check frequently for updates.
Experts: Experts perform analysis on trace data directly from the UI.