One of the more underrated tools included with Microsoft Windows Server is Network Monitor. Network Monitor is a packet capture tool that allows network administrators to gain insight into what network traffic is being sent and received by the server. This data can be useful in diagnosing various network problems including broadcast storms, intrusion attempts, and misbehaving applications.

Originally, Microsoft Windows Server shipped with a version of Network Monitor that only allowed capturing of packets destined for the server. It was unable to place the network card in promiscuous mode and capture all packets received by the network card. Microsoft Windows Server 2008 no longer ships with Network Monitor, but a free version is available for download from Microsoft. This version is fully functional and allows promiscuous mode access. Most Ethernet networks in operation today use switches rather than hubs. This means the only data sent to the server in normal operation is destined for that server. Fortunately, many switches can be configured to copy all network traffic onto a port designated for network monitoring. All traffic passing through the switch is copied onto this port, allowing full packet capturing of the network activity on the switch (Mackin & Northrup, 2008).

I have personally needed Network Monitor to debug network related issues on several occasions. The networks I work on now all have the ability to suppress broadcast storms. At one time, this was not possible and broadcast storms were an occasional headache. The best way to diagnose a broadcast storm was to use Network Monitor to capture packets on the wire. Network Monitor has built-in filtering tools that allow network administrators to target in on the data they need to diagnose the problem. In the case of a broadcast storm, Network Monitor can help find the source of the problem as well as help determine what caused it to begin.


Mackin, J. C. & Northrup, T. (2008). MCTS self-paced training kit (exam 70-642): Configuring Windows Server 2008 network infrastructure. Redmond, WA: Microsoft Press.