Using Network Monitor to Capture Traffic Using a Remote Agent

This article was previously published under Q232247
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft Network Monitor gives you the capability to connect to other computers and capture traffic from another computer. You can do this across a router or a Remote Access Service (RAS) connection.
The two primary components of Network Monitor are the Network Monitor Agent and the user interface. The Network Monitor Agent binds to the user interface and passes traffic up to the program. The Network Monitor Agent can run on any compatible computer while the program is running on a separate computer.

How to Use Network Monitor Agent on a Second Computer

On the Network Monitor Agent host computer:
  1. Install the Network Monitor Agent (in Control Panel, click Network, click Services, click Add, and then click Network Monitor Agent).
  2. In Control Panel, click Services, click Network Monitor Agent, and then click Start. (If you want the Network Monitor Agent to start when the computer starts, click Startup, and then click Automatic.)
To connect to a remote Network Monitor Agent:
  1. Start Network Monitor.
  2. From the Capture menu, click Networks.
  3. Click the name of the remote connection, and then click Connect.

    NOTE: Until you make a connection, this entry is REMOTE. After you make a connection, REMOTE is replaced by the NetBIOS name of the remote computer.
  4. In the Agent Name box, specify the name of the agent to which you are connecting. This name is the NetBIOS name of the remote computer. A universal naming convention (UNC) path name is not required.
  5. In the User Comment box, click a comment to associate with the agent name you specified. This comment is displayed when users attempt to connect to the Network Monitor Agent.
  6. In the Agent Status Update Frequency dialog box, specify the frequency (in seconds), in which you want the statistics from the remote capture displayed on your local computer. This number must be between 1-65 (the default is 2).
  7. Click the Slow Link option. This option extends the period of time that your connection can be idle before Network Monitor concludes that the connection is unsuccessful and disconnects from the Network Monitor Agent. This option is recommended for all asynchronous connections.
  8. Click Connect. If the Network Monitor Agent on the remote computer is password protected, you are prompted to type a password. If the Network Monitor Agent is running on a computer with only one network adapter installed, Network Monitor connects to that network adapter. If the Network Monitor Agent is installed on a computer that is multihomed, a dialog box that lists the network adapters installed is displayed. An asterisk appears next to the network adapter that Network Monitor used to make the connection to the remote computer. This network adapter is connected to the same network segment to which you are connected. Unless you want to capture statistics from your own your local network segment, you should select one of the other network adapters that is displayed.
  9. Click Capture/Start to begin capturing data.
For additional information, please see the following article in the Microsoft Knowledge Base:
148942 How to Capture Network Traffic with Network Monitor
netmon nm bh bloodhound sniff trace

Article ID: 232247 - Last Review: 12/05/2015 14:36:55 - Revision: 2.3

Microsoft Windows NT Advanced Server 3.1, Microsoft Windows NT Server 3.5, Microsoft Windows NT Server 3.51, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Server 4.0 Enterprise Edition, Microsoft Windows NT Workstation 3.1, Microsoft Windows NT Workstation 3.5, Microsoft Windows NT Workstation 3.51, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows 95, Microsoft Windows 98 Standard Edition, Microsoft Windows 98 Second Edition

  • kbnosurvey kbarchive kbinfo KB232247