Microsoft Network Monitor 3.3 is a protocol analyzer that you
can use to capture network traffic, as well as view and analyze it.
Network Monitor 3.3 is compatible with the Windows XP, Windows
Server 2003, and Windows Vista operating systems. It is a free,
licensed component that is not provided with Windows operating
systems on client computers, so use of the tool is limited to
computers on which it is installed. Network Monitor 3.3 is
available as a free download at the Microsoft Download Center. For
more information and to download the tool, see KB Article 933741,
Information about Network Monitor 3 at
The following example code is for a display filter that may be useful in capturing network traffic for troubleshooting issues with Enterprise Voice.
Copy Code | |
---|---|
// Network Monitor 3.x display filter for Office Communications Server troubleshooting. tcp.port==5061 // SIP over TLS. This is used by most functions of OCS // Uncomment any additional protocols you wish to monitor. && = logical AND // && tcp.port==5060 // SIP over TCP // && tcp.port==5062 // Default SIP for the A/V edge // && tcp.port==5063 // Default SIP for the A/V Conferencing server // && tcp.port==443 // HTTPS, TCP STUN // && udp.port==3478 // UDP STUN // && tcp.port==8057 // PSOM // && tcp.port==135 // RPC endpoint mapper used on front end servers for WMI and DCOM // && dns // DNS // Media port ranges. These ranges may be commonly used by non OCS devices on the network. // && (udp.Port>=50000 && udp.port<=59999) // RTP media port range on outside A/V edge // && (tcp.Port>=49152 && tcp.port<=65535) // RTP media port range for A/V MCU // && ((tcp.port>=1024 && tcp.port<=65535) || (udp.port>=1024 && udp.port<=65535)) // External Communicator media port range // These are additional filters that may be useful. Add a && token if they are to be used in combination with the above. // The following will show the start of TCP conversations (SYN) as well as resets // TCP.Flags.Reset == 1 || TCP.Flags.Syn == 1 // The following will show retransmits if conversations are enabled // (Property.TCPRetransmit == 1 || Property.TCPSynRetransmit == 1) // The following will hide RDP if the network trace was captured in a terminal session. // !(tcp.port==3389) |