Using Microsoft NetMon to troubleshoot application network communications

I recently showed NetMon to a developer for troubleshooting IntelliJ. The Java development environment app was freezing, and we found it was attempting to go direct to the Maven Central repository instead of our internal repository or out via the web proxy.

NetMon is a network capture tool. Rather than showing you raw data like Wireshark, it breaks down the traffic into “conversations” per process (and process ID).

This makes it easier to see the forest for the trees, or the tree you’re interested in instead of the whole forest. <– Insert better analogy here

Also, if you’re only interested in HTTP, you can set a capture filter to capture only HTTP traffic. This means less filtering of the capture results later (less noise).

  1. Install NetMon
  2. Launch NetMon with local admin rights
  3. Filter the capture on HTTP (saves filtering results later; NB: if your web proxy uses another port such as 8080, add that TCP port as well)
  4. Start capture
  5. Pick the process you’re interested in and drill down into the captured traffic
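
The filters for steps 3 and 5 written out in NetMon filter syntax, as an added example that is not from the original post. The process name `idea64.exe` and the proxy address `10.0.0.10` are assumed placeholders; substitute your own.

```text
// Step 3, capture filter: HTTP plus the web proxy's TCP port
// (8080 is the example port from the step above).
HTTP OR TCP.Port == 8080

// Step 5, display filter: only the conversations of one process.
// "idea64.exe" is an assumed process name; use the name NetMon
// shows in its conversation tree.
Conversation.ProcessName == "idea64.exe"

// Step 5, display filter: that process's traffic that is NOT going
// to the web proxy, i.e. the direct connections you are hunting for.
// 10.0.0.10 is a placeholder for your proxy's address.
Conversation.ProcessName == "idea64.exe" AND !(IPv4.Address == 10.0.0.10)
```

If the last filter returns frames, the process is talking to something other than the proxy, and the destination addresses in those frames show where it is trying to go.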

You’ll see the OS and your browser doing web proxy autodetection (WPAD) if you use that.
