Alessandro Perilli on Enterprise Security

Microsoft opens Network Monitor 3 beta 2 to public

After many years, Microsoft's network sniffer, Network Monitor (informally called NetMon), is coming back.

Network Monitor 2.1 is included as an optional component in every Windows NT/2000 installation, but it has a severe limitation: it cannot put the network interface in promiscuous mode, so it cannot capture all the packets passing on the wire.
To get a full version of Network Monitor 2.1 you have to buy Microsoft System Management Server (SMS) 1.2 or 2.0.

The upcoming Network Monitor 3 will offer several new features and will finally be an uncapped, free, stand-alone application for Windows XP/2003/Vista/codename Longhorn (both 32-bit and 64-bit):

  • Real time capture and display of frames

  • Simultaneous capture on multiple network adapters

  • Multiple simultaneous capture sessions

  • Network conversations and a tree view displaying frames by conversation

  • Enhanced capture/display filtering (with intelli-sense)

  • A new script-based protocol parser language (NPL), and script-based parsers


The last feature is particularly interesting: it lets network experts create new protocol decoders or complex packet manipulations quickly and easily (in previous releases, writing a protocol parser meant writing a DLL).


With NPL (NetMon Parser Language), Microsoft has a big chance to gather the network and security communities around Network Monitor, and it should set up a Parsers Center or something similar.

We'll see whether it can compete with Wireshark (formerly Ethereal) and its new enhanced features.

Enroll in the beta here and check the dedicated beta newsgroup here.
4 Comments:
  • First comment?
    By Anonymous, at 16:17  
  • And is there a reason this is better than the free wireshark?

    http://www.wireshark.org/
    By Anonymous, at 16:18  
  • Yes - MSFT can write parsers for its own traffic much better than Wireshark ever can. Conversely, Wireshark has some parsers that are way better than NetMon.

    For example, the RPC and SMB parsers that are available for NetMon are much better for troubleshooting.
    By Anonymous, at 00:23  
  • Also, parsers in NM3 cannot incur the security bugs that parsers for EtherShark or NM2.x can. The parsing engine was written with this goal above all others.
    By Jim Harrison, at 15:47  

