Author Topic: Using the Unified Tracing in Windows 7

javajolt (Administrator)
Using the Unified Tracing in Windows 7
« on: October 04, 2009, 09:41:42 PM »

What is Unified Tracing?

According to Microsoft: “Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.”

What that means is that, under the auspices of one analytical tool, you can get information about the network and other connectivity issues. It collects network-related event logs and captures packets across all network layers.

To perform Unified Tracing, you need the Netsh command-line tool and the Network Monitor tool, which can be downloaded from Microsoft.


Part 1 Unified Tracing – Download the Network Monitor Tool:

Let us start with the Network Monitor tool, since this is a powerful tool that will be used to make the analysis. The Microsoft Network Monitor 3.3 tool is used to capture and perform protocol analysis of network traffic.

Download and install the version that is right for your system. There is an Itanium version (6.2 MB), a 64 bit version (5.2 MB), and a 32 bit version (5.0 MB).

Installing Microsoft Network Monitor 3.3

Microsoft Network Monitor 3.3

Now you are ready to load the etl file created with the Netsh command.

Part 2 Creating the etl file using Unified Tracing

First, open the command prompt: click Start, select Run, and type CMD.

An etl file will be created by the Netsh command. It will subsequently be loaded into the Network Monitor tool.

Run the Netsh command

The netsh command is used for the unified tracing operation available in Windows 7. You can use the Netsh.exe tool to perform the following tasks:

1. Configure routes.
2. Configure filters.
3. Configure routing protocols.
4. Configure interfaces.
5. Display the configuration of a currently running router on any computer.
6. Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service.
7. Use the scripting feature to run a collection of commands in batch mode against a specified router.

The syntax for the Netsh.exe tool is:

netsh [-r router name] [-a AliasFile] [-c Context] [Command | -f ScriptFile]

To learn how to use Netsh with its switches and parameters, type the context name followed by a space and a ? at the netsh> command prompt, for example Netsh /?. To display a list of the subcontexts and commands that can be used in the interface context, type Netsh Interface /?

Netsh /? shows the switches and parameters

Example #1

To see an example of Netsh:

netsh interface ip show config (this is similar to the netconfig command)

Example #2 Netsh to trace network connections

Run the following command:

netsh trace start scenario=InternetClient tracefile=Windows7News.etl

To stop the trace, type: netsh trace stop
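As an added example (not code from the original post), the following PowerShell script wraps the Part 2 workflow so the trace brackets one reproduction step and is always stopped, even if that step fails. It assumes an elevated prompt, uses the post's Windows7News.etl file name and windows7news.com host as sample values, and relies on netsh trace's capture=yes and maxsize parameters; Invoke-UnifiedTrace and Test-IsElevated are names chosen here.

```powershell
# Added example, not from the original post: a PowerShell wrapper around
# the netsh trace workflow of Part 2. It starts a trace, runs one
# reproduction step, and always stops the trace so the .etl is written.
# Assumes Windows 7 or later and an elevated prompt (netsh trace needs it).
# Invoke-UnifiedTrace and Test-IsElevated are names chosen here.
$ErrorActionPreference = 'Stop'

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-UnifiedTrace {
    param(
        [string]$Scenario   = 'InternetClient',
        [string]$TraceFile  = (Join-Path $env:TEMP 'Windows7News.etl'),
        [string]$TargetHost = 'windows7news.com',   # host used in the post's example
        [int]$MaxSizeMB     = 100
    )
    if (-not (Test-IsElevated)) { throw 'netsh trace must run from an elevated prompt.' }

    # capture=yes adds packet capture to the ETW event logs the scenario
    # collects; maxsize bounds the circular trace file.
    & netsh trace start "scenario=$Scenario" capture=yes "tracefile=$TraceFile" "maxsize=$MaxSizeMB"
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

    try {
        # Reproduce the connectivity problem while the trace is running:
        # one DNS lookup and one TCP connect to port 80.
        [Net.Dns]::GetHostAddresses($TargetHost) | Out-Null
        $tcp = New-Object Net.Sockets.TcpClient
        try { $tcp.Connect($TargetHost, 80) } finally { $tcp.Close() }
    } catch {
        # A failure here is expected when troubleshooting; the trace records it.
        Write-Warning "Reproduction step failed: $($_.Exception.Message)"
    } finally {
        # Always stop the trace; netsh finalises the .etl (and by default a
        # .cab of supporting system information) next to it.
        & netsh trace stop | Out-Null
    }
    Get-Item $TraceFile
}

# Open the returned .etl in Network Monitor (File -> Open -> Capture), as in Part 3.
Invoke-UnifiedTrace
```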

Part 3: Launch Microsoft Network Monitor

Open Microsoft Network Monitor and select File -> Open -> Capture -> msn.etl (in the folder it was saved in).

Network Conversations - details of the Windows7News.com trace

This will show the network trace to the Windows7News.com site. The Network Monitor tool breaks down the activity frame by frame. Here are some of the features available in the tool:

- Frame Comments
- API Extensions
- Autoscroll
- Right-Click Add-to-Alias
- Tunnel Capture Support
- WWAN Capture Support
- Experts Available Online
- Right-Click Go-to-Definition

You can also create a capture on the local computer network: go to New Capture -> press Start (F5).

Using the Capture command to identify local network operations

The Network Monitor tool works with Netsh to provide information about network connections. Netsh, the command-line tool, has many switches and parameters. The GUI takes the etl file produced by the netsh trace operation and presents it in a readable format.

You can download this invaluable tool here: http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en