Capture network traffic in Windows XP and Windows Server 2003

Network Administration - Have you ever known about NETCAP.EXE available in Windows XP and Windows Server 2003? This is a command-line utility that checks network traffic and in this article, I will show you this utility in checking network traffic.

Capture network traffic in Windows XP and Windows Server 2003 Picture 1 Netcap provides capture capabilities only from a command prompt; To open capture files (.cap), you must use the complete Network Monitor interface.

This utility is installed when you install the support tools included in the Windows XP CD-ROM. Network Monitor is provided with Microsoft Windows Server and Systems Management Server (SMS) products.

Netcap provides the same capture capabilities as the Network Monitor version included with Windows Server products; though you must use Netcap at the command prompt. Netcap will install the Network Monitor driver and connect it to all adapters when you run the Netcap command for the first time.

The following commands are sample Netcap commands:

To capture traffic on NIC 1 using a 10 megabyte (MB) buffer, use the following command:

netcap / n: 1 / b: 10

Netcap will stop capturre when the buffer is full. To capture traffic with "First In First Out" buffer (FIFO), the default buffer for Network Monitor, you can use the following command:

netcap / tn

Note that if you want to stop the capture, press SPACEBAR.

To capture only one hour with 1-MB FIFO buffer, use the following command:

netcap / L: 01: 00:00

To remove the Network Monitor driver, use the following command:

netcap / remove

The capture files that you create using Netcap are set by default in the UserProfileLocal SettingsTemp folder, UserProfile is the user's profile name. You can change the default directory by using the / c or / tcf switches.

Using NETCAP /? for more information on help.