How To Capture TCP and HTTP Data Frames Using Network Monitor and MSXML HTTP Code

Article translations Article translations
Article ID: 295405 - View products that this article applies to.
This article was previously published under Q295405
Expand all | Collapse all

SUMMARY

Network Monitor is a utility that ships with Microsoft Windows 2000 Server and with Microsoft Systems Management Server. With Network Monitor, you can capture and observe network traffic patterns and problems.

MORE INFORMATION

When you set up a capture, you can filter frames and view data details presented in three panes: the Summary pane, the Detail pane, and the Hex pane. The following steps describe how to create a capture for the purpose of monitoring activity related to the XMLHTTP and ServerXMLHTTP HTTP objects in the Microsoft XML parser.

Three computers are used in this example:
  • The DataServer computer contains the XML file. In this example, Network Monitor is running on the DataServer computer.
  • The WebServer computer runs the ASP application that uses the ServerXMLHTTP object to request the XML data.
  • The IEClient computer runs the browser that requests the ASP page.

How to Run Network Monitor

To run Network Monitor, follow these steps:
  1. To open Network Monitor, on the Start menu, point to Programs, click Administrative Tools, click Network Analysis Tools, and then click Network Monitor. Note that Network Monitor is not installed on Microsoft Windows 2000 by default. If your start menu does not contain this option, you may need to add it by using Windows 2000 Setup.
  2. To select the network interface on which the capture will run, on the Network Monitor Capture menu, click Networks. Expand Local Computer to see the available network interfaces on which you can capture data. One interface exists for each network adapter in the computer, with one additional interface for a dial-up connection. The dial-up connection has its Dial-up connection property set to True. Select the interface that connects to the network that you want to monitor and click OK.
  3. On the Network Monitor Capture menu, click Buffer Settings. The default buffer size is 1 MB. However, one drawback of having a small buffer size is that if the data that you are trying to capture is unpredictable, the buffer may wrap around before you can stop the trace, causing you to lose the data that you need. You can increase the buffer size to provide more time to stop the trace. You might need to change the size to 10-20 MB, depending on the data that is being monitored.
  4. In general, you should filter addresses before you capture the trace to ensure a smaller trace file size. To set up a capture filter, first obtain the IP address of the WebServer and IEClient. To do this, from a command prompt, type Ipconfig.exe.NOTE: On a Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows Millennium Edition (Me) computer, type Winipcfg.exe at a command prompt.

    NOTE: You should note the client IP address each time you start a capture, because this address can change.

    To add these addresses to the Network Monitor address database, follow these steps:

    1. On the Capture menu, click Filter. In the Capture Filter dialog box, under (Address Pairs), double-click INCLUDE *ANY <--> *ANY.
    2. Click Edit Addresses and click Add. Type a friendly name for the WebServer computer, and for Type select IP. Type the IP address and click OK. Repeat this process for the IEClient computer.
    3. Because the DataServer computer is running Network Monitor, there is already an entry in the address database that uses the computer name. Double-click the computer name, change the name to DataServer, and click OK.
    4. Click Close to return to the Address Expression dialog box.
  5. In the Address Expression dialog box, choose the stations and traffic direction for the filter. For this example, create two criteria to filter on. Criterion 1 allows traffic between the WebServer and IEClient computers to be included in the capture, and criterion 2 allows traffic between the WebServer and DataServer computers. To set up the filter criteria, follow these steps:

    1. To set up filter criterion 1, in the left pane select IEClient, click the double-headed arrow (<-->), and in the right pane select WebServer.
    2. Click OK and make sure that the filter has been created under (Address Pairs).
    3. Double-click (Address Pairs) to add criterion 2.
    4. In the left pane, select WebServer, click the double-headed arrow (<-->), and in the right pane select DataServer.
    5. Click OK. The filter criteria shown under Address Pairs are as follows:
      INCLUDE WebServer(IP) <--> DataServer(IP)
      INCLUDE IEClient (IP) <--> WebServer(IP)
      						
    6. Click OK to close the Capture Filter dialog box.

How to Capture the Data

To capture the data, follow these steps:
  1. On the Capture menu, click Start. Note that the trace is now running, but that no data has been captured yet because nothing has met the filter criteria.
  2. On the IEClient computer, browse to the ASP page that is located on the WebServer computer.
  3. After the Web site has loaded in the browser, switch back to Network Monitor. On the Capture menu, click Stop.

How to View the Data

To view the data, follow these steps:
  1. On the Capture menu, click Display Captured Data.
  2. Double-click a frame that you want to view. This causes the Detail (middle) and Hex (bottom) panes for that frame to be displayed. Note that when a section is selected in the Detail pane, it causes the hex data for this section to be selected in the Hex pane, along with the ASCII translation.
  3. In the Detail pane, double-click the HTTP section of the frame to expand it. The hex and ASCII HTTP data are selected in the Hex pane.
  4. Continue to drill down, selecting any fields under the HTTP frame that you want to view.

Steps to Reproduce Example Scenario

  1. On the WebServer computer, paste the following code into a file and name the file Xmlsxh.asp:
    <%
      Dim xmlSXH
       Set xmlSXH = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0")
       xmlSXH.Open "GET", "http://machinename/VirtualDirectory/sample.xml", false
       xmlSXH.send 
       Response.Write xmlSXH.responseXML.xml	
      Set xmlSXH = Nothing
    %>
    					
  2. On the DataServer computer, paste the following code into a file and name the file Sample.xml:
    <?xml version="1.0" ?>
    <kukus>
    	<kuku>	kuku	</kuku>
    </kukus>
    					
  3. On the IEClient computer, use Internet Explorer to call Xmlsxh.asp from the WebServer computer. The URL will resemble the following: http://machinename/VirtualFolder/Xmlsxh.asp

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
252876 How to View HTTP Data Frames Using Network Monitor
148942 How to Capture Network Traffic with Network Monitor
243270 How to Install Network Monitor in Windows 2000
200910 How to Install Network Monitor in Windows 95/98

Properties

Article ID: 295405 - Last Review: July 16, 2004 - Revision: 2.4
APPLIES TO
  • Microsoft Internet Information Services 5.0
  • Microsoft XML Parser 3.0
  • Microsoft XML Parser 3.0 Service Pack 1
  • Microsoft XML Core Services 4.0
Keywords: 
kbhowto KB295405

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com