Network Monitor Driver on XP ??

[Guest]

All

There is a program called NETCAP that comes with the windows xp resource kit. It install the network monitor driver so you can capture frames on the network and view the data. I need a way to install this driver on many boxes on my network. Im NOT tring to visit over 1500 pc's to do this manually. Does anyone know how to install this program silently?

Every time i do this from the command line it will say "Installing Network Monitor Driver" status 0%

It will just stay at 0%. Dosnt matter what box I do this on, it's consistent. So i cannot make a proper MSI file. Im hoping there is a /q option or something similar but i have tried the /q already also tried /s. But neither work. Does ANYONE know how to silently install the Windows XP network monitor driver???????

 

[David Wang [Msft]]

You do not need to silent install this on all 1500 boxes at all.

Why do you need to install this on all 1500 boxes? Suspending reality for a
moment -- if there are 1500 PCs and they are all on the same network
segment, you only need one machine with the network monitor driver installed
to be able to capture data frames of all 1500 PCs. You do not need the
driver at every PC to be able to capture network traffic everywhere -- the
cable going into that PC is the same that's going into your PC, and
electrical signals go across the entire cable, not from point-to-point... so
your PC can capture that other PC's network packets.

All you need is one such network monitor inside of each network segment to
be able to sniff traffic on the entire segment. Installing this
individually on each PC simply makes it possible for each PC to view their
traffic -- which I doubt is what you're interested in.

However, I think that the version with XP is intentionally restricted to
only capture/display data sent to the PC it's on. You're not getting
anything by installing it on all machines -- you need to run the version
which is not restricted.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
All,

There is a program called NETCAP that comes with the windows xp resource
kit. It install the network monitor driver so you can capture frames on the
network and view the data. I need a way to install this driver on many boxes
on my network. Im NOT tring to visit over 1500 pc's to do this manually.
Does anyone know how to install this program silently?

Every time i do this from the command line it will say "Installing Network
Monitor Driver" status 0%"

It will just stay at 0%. Dosnt matter what box I do this on, it's
consistent. So i cannot make a proper MSI file. Im hoping there is a /q
option or something similar but i have tried the /q already also tried /s.
But neither work. Does ANYONE know how to silently install the Windows XP
network monitor driver????????

 

[Matthias Tacke]

:

However, I think that the version with XP is intentionally restricted to
only capture/display data sent to the PC it's on. You're not getting
anything by installing it on all machines -- you need to run the version
which is not restricted.

AFAIK www.ethereal.com with winpcap doesn't have this restriction.
OTOH ethereal will read/interpret dumps fom Network Monitor.

HTH

 

[Joe Richards [MVP]]

Errr....

If the user is only interested in seeing the traffic visable to the one machine
OR if the network topology is everything on one shared segment like say a hub
yes I agree with you.

I won't discount the first but the second is highly unlikely unless running
Token Ring. You don't generally put 1500 PCs on a shared ethernet segment, that
many PCs goes onto switches and you can't see all traffic when you are plugged
into the normal switch ports, only broadcast traffic, multicast traffic, and
directed traffic in which you are involved. Depending on the router
configurations and subnet masking, you won't even see broadcasts from all of the
1500 machines from a single machine.

If you plug into the mirror ports of switches, you will get more info, but most
likely, still wouldn't see all of the traffic for all 1500 machines.

joe

 

[Joe Richards [MVP]]

Yes I will second the use of ethereal. For the most part it blows netmon out of
the water. You will find a great deal of MS Alliance and others use Ethereal as
well.

joe

 

[David Wang [Msft]]

Yes. Hence the prefix of "Suspending reality for a moment". ;-)

I mostly question why NetMon needs to be installed on 1500 PCs, unattended.
I think the user *thought* that it needs to be installed on all PCs in order
to monitor network traffic to/from it... which is far from the case. Just a
handful should be sufficient.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
Errr....

If the user is only interested in seeing the traffic visable to the one
machine
OR if the network topology is everything on one shared segment like say a
hub
yes I agree with you.

I won't discount the first but the second is highly unlikely unless running
Token Ring. You don't generally put 1500 PCs on a shared ethernet segment,
that
many PCs goes onto switches and you can't see all traffic when you are
plugged
into the normal switch ports, only broadcast traffic, multicast traffic, and
directed traffic in which you are involved. Depending on the router
configurations and subnet masking, you won't even see broadcasts from all of
the
1500 machines from a single machine.

If you plug into the mirror ports of switches, you will get more info, but
most
likely, still wouldn't see all of the traffic for all 1500 machines.

joe

 

[Joe Richards [MVP]]

Ah... I wondered what the suspending reality comment was all about... )