I was diagnosing a serious environmental problem on a customer site today and needed to use the trusty NetMon to view all packets between my machine and a web service hosted at a solution provider in the States.
No-one at the solution provider was using NetMon and I needed a way to send them output so that we could discuss. Those of you who are well versed in the ways of NetMon will realise that it is not possible to export a capture to anything other than the proprietary .cap format, and you cannot select multiple packets in the capture window to copy to the clipboard - you have to do them one at a time... :(
So, enter another trusty tool from the tool bag - Log Parser, which lets you write SQL-like queries against quite a few flat-file and proprietary data sources. It is a free download available from the following location:
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
Now, I've used Log Parser before to parse IIS log files (it is very fast by the way), but it was only in a Google search that I found out that it also can read the .CAP file natively, and export it to a format of your choice! I chose a CSV file so I could then open it directly in Excel, and highlight the rows where I think something was going wrong.
Example command line:
C:\Program Files\Log Parser 2.2>logparser -i:NETMON -o:CSV "select * INTO NetMonOutput.csv from NetMonCapture.cap"
You can use any of the NetMon standard fields in the query. Here's the list:
CaptureFilename,
Frame,
DateTime,
FrameBytes,
SrcMAC,
SrcIP,
SrcPort,
DstMAC,
DstIP,
DstPort,
IPVersion,
TTL,
TCPFlags,
Seq,
Ack,
WindowSize,
PayloadBytes,
Payload,
Connection
Cool huh. :)
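An added example, not from the original post: a narrower query that keeps only the frames exchanged with one remote host and leaves out the Payload column, so the CSV handed to a third party carries the TCP/IP header fields but not the request and response bodies. The address 203.0.113.10 and the file names conversation.sql and Conversation.csv are constructed placeholders; the field names are the ones listed above.

```sql
-- conversation.sql (hypothetical file name)
-- Run from the Log Parser directory with:
--   logparser file:conversation.sql -i:NETMON -o:CSV
SELECT Frame, DateTime,
       SrcIP, SrcPort, DstIP, DstPort,
       TCPFlags, Seq, Ack, WindowSize,
       PayloadBytes              -- size only; the Payload column is deliberately omitted
INTO   Conversation.csv
FROM   NetMonCapture.cap
WHERE  SrcIP = '203.0.113.10'    -- frames sent by the remote host (placeholder address)
   OR  DstIP = '203.0.113.10'    -- frames sent to the remote host
ORDER BY Frame
```

Add Payload back to the SELECT list only when the other party needs the body content and the capture has been checked for credentials or session tokens.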