Microsoft Network Monitor

I had never heard of this tool until today... I've always used Wireshark. Today I needed to view traffic broken out by application (PID/ProcessName). I went hunting and found the Microsoft Network Monitor. Surprisingly it's very feature rich, easy to use, and did exactly what I needed it to do... and sooo much more. Check it out!

Microsoft Links

• Information about Network Monitor 3
• Download Microsoft Network Monitor 3.4 (archive)

Example Filters

Capturing everything except RDP:

!(tcp.port==3389)

Capture only DNS:

DNS

Filter Source or Destination IPv4 Address:

IPv4.Address == 1.1.1.1

Filter Source IPv4 Address:

IPv4.SourceAddress == 1.1.1.1

Filter IPV4 Source and Destination:

IPv4.Address==1.1.1.1 and IPv4.Address==2.2.2.2

 

Example on other sites:

• Network Monitor Filter Examples

 

-end