Network Monitor: How to monitor just packet headers?

RZetlinRZetlin Inactive Imported Users Posts: 155
In the network monitor tool is there a way to just monitor the pack headers?

Comments

  • Danman32Danman32 Member Posts: 1,243
    Can you clarify what you are expecting to do?
    Network monitor captures packets. What you want to display regarding those captured packets is your business.
    Or perhaps you were looking for packet statistics?
  • RZetlinRZetlin Inactive Imported Users Posts: 155
    This is for a practice question on packet network monitoring:

    You are the network administrator for Contoso. The network contains 12 Windows Server 2003 computers and 300 Windows XP Professional computers. Three servers named Contoso2, Contoso3, and Contoso6 run a critical business application. When performing performance baseline measurements on these three servers, you notice that Contoso6 has a larger number of concurrently connected users at any given moment than Contoso2 or Contoso3. The additional workload is causing performance problems on Contoso6. You need to identify which client computers are connected to Contoso6. You plan to run Network Monitor on Contoso6 to capture all packets sent to Contoso6. The capture task must be configured to meet the following requirements:

    • To reduce the size of the captured data, you want to capture only the packet headers.
    • If a large number of packets are captured, the packets must be retained on the server.

    Captured packets must not overwrite previously captured packets. Which tasks should you perform to configure Network Monitor?
    a. Configure the Network Monitor display filters.
    b. Configure the Network Monitor capture filters.
    c. Increase the Network Monitor buffer size setting and decrease the Network Monitor frame size setting
    d. Decrease the Network Monitor buffer size setting and increase the Network Monitor frame size setting.

    My choice would be c because I believe that increasing the monitor buffer size would keep the data and by decreasing the frame size you would monitor just the IP headers.
  • Danman32Danman32 Member Posts: 1,243
    I agree. As I was reading the scenario, I started remembering that you can limit how many bytes of the packet you actually capture. This is mainly to avoid capturing unneeded data, such as from file transfers.

    In any case, even without knowing this, you can find the answer by process of elimination.

    B is no good, you are told to capture all packet.
    A won't change what packets you capture, rather only what you display.
    D won't help but would worsen bullet 2: If a large number of packets are captured, the packets must be retained on the server.

    Therefore the only remaining answer is C.
Sign In or Register to comment.