
Certification Success - Understanding Network Monitor Part II

Once Network Monitor is installed, you can open it through any of the Administrative Tools methods, or by typing NETMON on the Run line. The latter opens the Explorer folder, where you can double-click NETMON.EXE and quickly navigate to any capture logs.

Once Network Monitor is up and running, it can get confusing very quickly. First of all, you won't be able to view data until you tell Network Monitor to start capturing, using the Capture menu on the menu bar. The window is divided into four panes, which serve as a real-time display of network activity and a snapshot of the information gathered during the capture. The first pane, in the upper left corner, shows rate statistics on how fast (or slow) the network card is transmitting and receiving data.

The second pane on the left shows communications between network (MAC) addresses: it lists Network Address 1, Network Address 2, and the number of frames sent from NA1 to NA2 and back. The pane on the right lists capture statistics for the duration of the capture. The pane on the bottom lists all of the statistics shown in the right pane, sorted by their respective network address.
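The address-pair counts in that second pane can be derived from nothing more than the Ethernet header of each frame. The following is an added example, not code from this article or from Network Monitor; the function names, MAC addresses and frames are constructed, and the pairing rule (the first sender seen becomes address 1) is an assumption.

```python
import struct

def mac(raw):
    """Format 6 raw bytes as a dash-separated hardware address."""
    return "-".join(f"{b:02X}" for b in raw)

def parse_ethernet(frame):
    """Return (destination, source, ethertype) from an Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac(dst), mac(src), ethertype

def session_stats(frames):
    """Map (address 1, address 2) -> [frames 1->2, frames 2->1]."""
    sessions = {}
    for frame in frames:
        try:
            dst, src, _ = parse_ethernet(frame)
        except ValueError:
            continue  # ignore runt frames instead of aborting the tally
        if (src, dst) in sessions:
            sessions[(src, dst)][0] += 1
        elif (dst, src) in sessions:
            sessions[(dst, src)][1] += 1  # reply direction of a known pair
        else:
            sessions[(src, dst)] = [1, 0]  # first sender becomes address 1
    return sessions

def build(dst_hex, src_hex, ethertype=0x0800, payload=b"\x00" * 46):
    """Assemble a constructed test frame (not real captured traffic)."""
    header = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    return header + struct.pack("!H", ethertype) + payload

# Constructed sample data: two hosts, one broadcast ARP frame, one runt.
HOST_A, HOST_B, BROADCAST = "00aa00112233", "00bb00445566", "ffffffffffff"
SAMPLE_FRAMES = [
    build(HOST_B, HOST_A),
    build(HOST_A, HOST_B),
    build(HOST_B, HOST_A),
    build(BROADCAST, HOST_A, ethertype=0x0806),
    b"\x00\x01",
]

if __name__ == "__main__":
    print(f"{'Network Address 1':<19}{'1->2':>5} {'1<-2':>5}  Network Address 2")
    for (a1, a2), (fwd, back) in session_stats(SAMPLE_FRAMES).items():
        print(f"{a1:<19}{fwd:>5} {back:>5}  {a2}")
```

Broadcast traffic shows up as its own row with nothing in the return direction, which is why a busy segment produces many one-way entries in this kind of table.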

Once a capture has been stopped, captured data can be viewed in table format either from the same Capture menu (Stop and View) or by pressing F12. This opens a new window within Network Monitor, which can be closed and re-opened at any time. This window can also be minimized while a subsequent capture is taking place. The window displays detailed information for each packet (called a frame) sent or received by the system. Additional information on source, destination, protocol, and packet description is also displayed.

Double-clicking a frame displays the exact contents of the packet, along with the original table and information about the specific frame, packet, and protocol versions. With a little work, you can eventually locate some readable information within a packet. Changing which items are highlighted in the middle pane highlights the corresponding parts of the packet itself in the lower pane. Changing which frame (packet) is highlighted in the top pane changes the contents of the middle and bottom panes as well.

Network Monitor offers several features that are similar to those seen with Performance Monitor. It is possible to configure Network Monitor to capture only packets to or from a specific address, or those that contain specific keywords or data. This type of capturing is configured through the Capture | Triggers menu. What's more, it's possible to configure Network Monitor to do the opposite: automatically ignore (filter) packets that contain specific keywords or data. This type of capture is configured through the Capture | Filter menu. Filters can be saved and loaded for later use, but triggers are so easy to configure that there are no options to save them.
