Windows 2000 includes a number of utilities for monitoring network performance and troubleshooting problems. These are described in the following sections.
Network Monitor is a utility for monitoring traffic on the network. Network Monitor consists of three components:
- Network Monitor tools
The network monitoring utility.
- Network Monitor agent
A service that runs in the background and provides data to Network Monitor.
- Network Monitor driver
An optional driver that can provide additional information to the Network Monitor agent.
To install Network Monitor under Windows 2000 Server, follow these steps. The installation includes the monitoring tools and the monitoring agent.
In the Add/Remove Programs Control Panel applet, select the Add/Remove Windows Components option.
Open the Management and Monitoring Tools entry by clicking Details.
Select Network Monitor Tools and click OK.
Follow the instructions to complete the installation. You may need the Windows 2000 CD-ROM.
The Network Monitor driver is installed separately. Follow these steps to install the driver:
In the Network and Dial-up Connections Control Panel applet, right-click the local area connection and select Properties.
Click the Install button. Choose Protocol from the list of network component types and click Add.
Select Network Monitor Driver from the list and click OK.
Follow the instructions to complete the installation. You may need the Windows 2000 CD-ROM.
After Network Monitor is installed, you can access it by selecting Programs → Administrative Tools → Network Monitor from the Start menu. The main Network Monitor dialog is shown in Figure 18-8.
To start capturing packets, select Capture → Start from this utility. You can also use the other settings in the Capture menu to select the types of data that will be captured.
After capturing packets and stopping the capture, select Capture → Display Captured Data to display the data. While you are viewing, select Display → Filter to choose which types of data are displayed. You can also use File → Save As to save the current capture data to a file.
Event Viewer displays error messages and other information about past events. In Windows 2000, Event Viewer is an MMC snap-in. To access this snap-in, select Event Viewer from the Administrative Tools Control Panel applet. Event Viewer is available in Windows 2000 Professional and Server.
Event Viewer displays three separate logs. For each log, events are displayed with their corresponding type, date, time, and source. Events are categorized by type, including Information, Warning, and Error. The following logs are available:
- Application log
Includes events logged by applications and problems such as application crashes.
- Security log
Includes messages relating to security. Security problems, such as incorrect logons, are included in this log if auditing is enabled. Security auditing is disabled by default.
- System log
Includes system error messages and status messages for system reboots and other events. If system events are selected for auditing, these are also included in this log.
Windows 2000 includes IP Security Monitor, a tool for measuring IP
Security statistics. To run this utility from Windows 2000
Professional or Server, type
IPSECMON
at the command prompt or the
Run prompt.
IPSECMON displays a list of currently enabled
IPSec policies and indicates whether IPSec is enabled on the
computer. It also displays a window of IPSec statistics, including
counters of the number of bytes sent and received securely,
authenticated bytes sent and received, bad packets and errors, and
key additions.
A separate window displays
ISAKMP/Oakley statistics.