To use address pairs in a Capture filter, first build an address database.To create an address list:
On the Capture menu, click Start. Open a .capture file in the Frame Viewer window.
When you have finished capturing, click Stop, and then click View on the Capture menu.
In the Frame Viewer window, on the Display menu, click Find All Names. Network Monitor processes the frames, and then adds them to the address database.
Close the Frame Viewer window, and then open the Capture window.
On the Capture menu, click Filter.
In the Capture Filter dialog box, double-click the Address Pairs line, or, you can click Address in the Add group dialog box. Network Monitor displays the address database that you have created. You can use the names in this database to specify address pairs in the Capture filter. If you are creating address entries for remote computers, use the IP or IPX address of the remote computer and not the media access control address. Media access control addresses are only used on local subnets, and are not passed from subnet to subnet in a routed environment.
In the Networks dialog box, select the appropriate interface. If you want to capture data on a network adapter, select the interface that corresponds to the network adapter that you want to capture data on; if you want to capture data across a remote access connection, select the interface that indicates it is a remote access interface in the properties listed in the details pane. If the appropriate media access control address is not known, you can find this by typing the following command at a command prompt:
Select an appropriate buffer size. By default, Network Monitor sets a 1MB buffer; in many cases, this may be too small. Select a buffer size that is large enough to gather all needed data, but small enough to not be unmanageable. Large capture files will be more difficult to filter and view.
Use the Save As command to save capture statistics to a capture file or to save changes for later viewing. To save the captured frames to a capture file or text file:
Do one of the following:
On the toolbar, click File Save.
Or, on the File menu, click Save As.
Do one the following:
To save the file to the current drive and directory, in the File Name box, specify a file name and an extension. If you save a file that you have modified, you cannot save it under its original name in the same directory.
To save the file to a network share to which you are not connected, click Network, and then use the Connect Network Drive dialog box to establish the connection.
To save the file to a different drive or directory, do the following:
In the Drives box, select a new drive.
In the Directories box, select a new directory.
Type the file name.
To save only those frame statistics that meet the specifications of the current display filter, click Filtered. This option is available only if you are saving data from the Frame Viewer window.
To save a particular range of frames, type the beginning and ending frame numbers in the From and To boxes.
NOTE: When a range of frames is saved to a capture file, the numbers associated with the frames are changed; in a capture file, frame numbers always begin with 1, regardless of the number associated with the original frame. Similarly, if you apply a display filter, and then save the filtered frames, the frame numbers in the capture file begin with 1. If, however, you use the Print to File option in the Print dialog box, the original frame numbers associated with the frames are preserved.
To view frames saved to a file, you can open this file and display the statistics in Network Monitor's Frame Viewer window
When capturing network traffic between two specific computers that are separated by one or more routers, check whether network packets are being lost or corrupted somewhere between the routers.
To make these traces consistent and to be able to read these traces simultaneously, the system clocks must be synchronized between the two computers before you make the trace. To synchronize time between pairs of computers:
Choose the computer with which you want to synchronize the time.
From the other computer, type the command
net time \\ComputerName /set /yes
where ComputerName is the name of the computer from step 1.
Verify that the computers have the same time by typing the time command from a command prompt on each computer.