Windows Server 2003 : Monitoring Network Performance (part 3)

3/25/2011 2:47:48 PM

Monitoring Network Traffic with Netstat

One tool you can use to monitor your traffic is the command-line utility netstat. Netstat reports existing network connections, the sockets on which the system is listening, and per-protocol statistics.

For instance, to determine which ports a system is listening on, run netstat -a. Adding -n (netstat -a -n) prints addresses and ports numerically instead of resolving them to names, which avoids a long name-lookup delay on a system whose DNS is slow or misconfigured. Comparing that list with the services the server is supposed to offer lets you verify that the ports you want closed really are closed.

However, just knowing which ports are open is often not enough to close a hole: you also want to know which application has the port open, so you can investigate that application and shut the port at its source. The -o switch adds that link. When you run netstat -a -o (the -a is needed, because without it netstat lists only active connections, not listening sockets), you see for every socket the protocol, the local address and port, the foreign address and port of the connection if there is one, the TCP state, and the Process Identifier (PID) of the owning process, as shown in Figure 11. From Windows Server 2003 Service Pack 1 onward, netstat -b prints the owning executable directly; it requires administrator rights and is noticeably slower.

Figure 11. Using netstat -o to show all the processes and ports used on a server


In this example, notice that the last entry shows Computer1 and Computer2 communicating over TCP port 3389, and that the owning Process Identifier (PID) is 736. To correlate that PID with the actual process, one option is Task Manager.

In Task Manager, select the Processes tab. By default the Processes tab does not display PIDs; to add the column, open the View menu, choose Select Columns, and tick PID (Process Identifier), as shown in Figure 12.

Figure 12. Using Task Manager to show the PID


Then you will obtain a listing of the processes on the machine that includes the PIDs, as shown in Figure 13.

Figure 13. Using Task Manager to see which processes align with which PIDs


Match the PID to the process, and you know which process or application has the port open. If the PID points to svchost.exe, that one process is probably hosting several services, because svchost is a generic host for services implemented as DLLs. To see which services are running inside it, run tasklist /svc at a command prompt. In this case, tasklist /svc shows that the svchost.exe instance with PID 736 hosts Terminal Services (service name TermService), and Terminal Services listens on TCP port 3389 for RDP connections.

In this way you can trace an open port to the application or service behind it and close the door if you want: stop and disable the service, remove the application, or block the port with Windows Firewall, and then run netstat -a -n -o again to confirm that the listener is gone.
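The lookup above (netstat for the PID, then Task Manager or tasklist /svc for the process and its services) is tedious to repeat by hand across a fleet. The script below automates it. It is an added example, not code from the original article: it parses the text output of netstat -a -n -o and tasklist /svc and joins them into a single table of listening port, PID, image name and hosted services. The two samples embedded in it are constructed for illustration (invented PIDs and addresses, not a real capture); on a server you would feed it the saved output of the two commands, or run them live on a Windows host with the capture_live() helper.

```python
"""Correlate listening ports with their owning processes and services.

Added example, not code from the original article: it automates the
netstat -> PID -> Task Manager / tasklist /svc lookup by parsing the text
output of `netstat -a -n -o` and `tasklist /svc`.
The two samples below are constructed for illustration, not real captures.
"""
import re
import subprocess

# Constructed sample of `netstat -a -n -o` output (PIDs and hosts invented).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       736
  TCP    192.168.1.10:3389      192.168.1.25:1542      ESTABLISHED     736
  UDP    0.0.0.0:161            *:*                                    1200
"""

# Constructed sample of `tasklist /svc` output, including one wrapped
# service list as tasklist prints for svchost instances with many services.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    912 RpcSs
svchost.exe                    736 TermService
svchost.exe                   1040 AudioSrv, Browser, CryptSvc, Dhcp,
                                   EventSystem, lanmanserver
snmp.exe                      1200 SNMP
"""


def parse_netstat(text):
    """Return one dict per TCP/UDP line of `netstat -a -n -o` output."""
    sockets = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("TCP", "UDP"):
            continue  # header, blank line or "Active Connections" banner
        proto = tokens[0]
        # rsplit keeps IPv6 locals such as [::]:3389 intact.
        host, port = tokens[1].rsplit(":", 1)
        sockets.append({
            "proto": proto,
            "local_host": host,
            "local_port": int(port),
            "foreign": tokens[2],
            "state": tokens[3] if proto == "TCP" else "",  # UDP has no State column
            "pid": int(tokens[-1]),
        })
    return sockets


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} from `tasklist /svc` output."""
    row = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")
    procs, last_pid, in_table = {}, None, False
    for line in text.splitlines():
        if line.startswith("====="):
            in_table = True  # everything above the rule is the column header
            continue
        if not in_table or not line.strip():
            continue
        m = row.match(line)
        if m:
            image, pid, svc_text = m.group(1), int(m.group(2)), m.group(3).strip()
            services = [] if svc_text == "N/A" else [
                s.strip() for s in svc_text.split(",") if s.strip()]
            procs[pid] = (image, services)
            last_pid = pid
        elif last_pid is not None:
            # Indented continuation line of a wrapped service list.
            procs[last_pid][1].extend(s.strip() for s in line.split(",") if s.strip())
    return procs


def listening_ports(netstat_text=NETSTAT_SAMPLE, tasklist_text=TASKLIST_SAMPLE):
    """Map (proto, port) -> (pid, image, services) for every listening socket.

    UDP sockets carry no state, so every UDP line counts as listening.
    """
    procs = parse_tasklist_svc(tasklist_text)
    table = {}
    for s in parse_netstat(netstat_text):
        if s["proto"] == "TCP" and s["state"] != "LISTENING":
            continue
        image, services = procs.get(s["pid"], ("<unknown>", []))
        table[(s["proto"], s["local_port"])] = (s["pid"], image, services)
    return table


def capture_live():
    """On a Windows host, run both commands and return their raw output."""
    def run(cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return run(["netstat", "-a", "-n", "-o"]), run(["tasklist", "/svc"])


if __name__ == "__main__":
    # Replace the samples with capture_live() on the server itself, or with
    # the contents of files saved from the two commands.
    for (proto, port), (pid, image, services) in sorted(listening_ports().items()):
        print(f"{proto:<4} {port:>5}  PID {pid:<5} {image:<20} {', '.join(services) or '-'}")
```

The join is keyed on the PID at the moment both commands ran; take the two snapshots back to back, because a PID that exits and is reused between them would be attributed to the wrong image. A PID that netstat reports but tasklist does not list shows up as `<unknown>`, which is itself worth a second look.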

Windows Server 2003 “Lite” and “Full” Network Monitor Tools

Windows Server 2003 ships with a "lite" version of Network Monitor that captures only frames sent to or from the local computer. The full version, available only with Microsoft Systems Management Server, handles two tasks that the lite version cannot:

  • It can run in promiscuous mode, that is, capture every frame that reaches the network adapter rather than only those addressed to the local computer. On a switched network this still means only the traffic the switch forwards to that port (plus broadcasts and multicasts); to see other hosts' unicast traffic you also need a mirror (SPAN) port on the switch or a hub.

  • It can detect other computers on the network that are running Network Monitor. This is useful when you set up multiple monitoring stations across your network and collect their data at a central point, and it also lets you find and stop unauthorized capturing by insiders by tracking down the offending station, as shown in Figure 14.

    Figure 14. Tracking other Network Monitor instances

Using Network Monitor Triggers

Network Monitor's main function is to capture packets as they cross the network. So much happens at once that finding the frames you need by hand is often nearly impossible, so one important skill to master with Network Monitor is locating what you are looking for at the moment it happens.

Setting Triggers Network Monitor can alert you once certain conditions are met, which is useful when you start a capture and then move on to other tasks. You set this up with triggers. To configure a trigger, start Network Monitor and, from the Capture menu, select Trigger. The Capture Trigger dialog box opens, as shown in Figure 15.

Figure 15. Configuring a trigger to alert you to specific conditions


Capture Trigger Options The default Trigger On option is Nothing, meaning no trigger is active. You can trigger on buffer space, for example to be notified when the capture buffer is 25, 50, 75 or 100 percent full. That is your signal to save the capture and clear the buffer before frames are lost because the buffer wraps around.

You can also use the Pattern Match option (selected in the figure), which lets you type a hexadecimal or ASCII pattern to look for, optionally at a fixed offset in the frame. For instance, you could watch for a clear-text string such as a known password or a login banner and, with the Execute Command Line option, have a command run that sends you a message when the string appears. Two cautions: the pattern is matched against raw frame bytes, so a string split across frames or carried over an encrypted connection will not match, and the command line runs with the privileges of the account running Network Monitor, so keep the trigger's command and its arguments under your control.
