The Microsoft Network Monitor tool has been around since the days of NT 4.0, and although it wasn’t the best sniffer around, it was a good tool to have in your toolbox if nothing else worked. Network Monitor (or NM for short) has been released in 2 major versions, and has had 2 types of installations – one, as a freeware add-on to the Windows Server operating systems (and it is still available for use on Windows Server 2003), and the second as a full sniffer program capable of using promiscuous mode, available only for SMS users.
All this has changed with the release of NM3.0 last year. NM3.0 looks much more mature than the program it has evolved from, and it already has some of the cool features only found in 3rd-party sniffers such as Wireshark (previously known as “Ethereal”). You can take a look at some of the most used freeware Windows-based sniffers below.
Microsoft Network Monitor v3.1 is now available on http://connect.microsoft.com, featuring wireless sniffing and an easier way to create filters using “Right Click Add To Filter”.
Here is a list of features that are new to NM3.1:
- Wireless (802.11) capturing and monitor mode on Vista – With supported hardware (Native WiFi), you can now trace wireless management packets. You can scan all channels or a subset of the ones your wireless NIC supports. You can also focus in on one specific channel. We now show the wireless metadata for normal wireless frames. This is really cool for troubleshooting wireless problems. See signal strength and transfer speed as you walk around your house!
- RAS tracing support on Vista – Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available with XP.
- Right click add to filter – Now there’s an easier way to discover how to create filters. Right click in the frame details data element or a column field in the frame summary and select add to filter.
- Microsoft Update enabled – Now you will be prompted when new updates exist. NM3.1 will occasionally check for a new version and notify you when one is available.
- New look filter toolbar – The UI for applying and removing filters has been changed. You can now apply a filter without having to un-apply it first.
- New reassembly engine – The NM reassembly engine has been improved to handle a larger variety of protocol reassembly schemes.
- New public parsers – These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp, winsrpl, as well as improvements in the previously shipped parsers.
- Numerous Bug Fixes – This build has fixed many of the confirmed submitted bugs.
- Faster Parser Loading – Parser loading is much faster, and now rebuilding takes a fraction of the time it used to.
Download Microsoft Network Monitor 3.1
NM3.1 is currently available on the Connect site. In order to get it you will need to do the following:
- Go to http://connect.microsoft.com.
- After going to the site, you will need to sign in with your Passport account and participate in the Network Monitor 3 project, if you haven’t already.
- Once you do this, you’ll have access to the latest download.
NM3.1 will also be released on the main Microsoft site in a few weeks.
Links to other Windows-based freeware sniffers
WinPcap, The Packet Capture and Network Monitoring Library for Windows http://www.winpcap.org/
AirSnort Homepage http://airsnort.shmoo.com/
Downloads NetStumbler http://www.netstumbler.com/downloads