This data source supports monitoring of network traffic through network adapters. It enumerates all installed network adapters, including virtual adapters.
By default, all traffic passing through the network adapter is monitored. Use the Capture Filter to reduce the amount of monitored data and filter out unneeded traffic.
Currently, the following data processing modules are supported for network monitoring:
The network data source and all its data processing modules fully support multi-source sessions.
During monitoring, the network source tries to identify the source (for outgoing packets) or recipient (for incoming packets) of each packet. If it succeeds, it stores the process ID and process name. This information is available to the user through data visualizers, such as Structure View. It is organized so that correct process association information is displayed even if you record a log file and then play it back. The process association information is valid only at packet capture time and may become invalid at any time afterward. Windows actively reuses process IDs, so take care when associating a packet with a currently running process.
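The process ID reuse caveat above can be checked mechanically when reviewing a recorded log. The following is an added example, not part of Device Monitoring Studio: the record layout, field names and sample values are assumptions, and the live process listing (with creation times) is taken to come from whatever process inventory you collect at analysis time.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class CapturedPacket:      # hypothetical layout of one exported log record
    captured_at: datetime
    pid: int
    process_name: str

@dataclass(frozen=True)
class LiveProcess:         # one entry of a process listing taken at analysis time
    pid: int
    name: str
    started_at: datetime

def classify(packet, live_by_pid):
    """Decide whether the PID stored with a packet still names the same process."""
    proc = live_by_pid.get(packet.pid)
    if proc is None:
        return "exited"            # nothing runs under this PID any more
    if proc.started_at > packet.captured_at:
        return "pid-reused"        # current owner was created after the capture
    if proc.name.lower() != packet.process_name.lower():
        return "name-mismatch"     # PID lifetime fits, image name does not: investigate
    # A process alive from before the capture until now held the PID at capture
    # time (assumes both timestamps come from the same, consistent clock).
    return "same-process"

def _ts(text):
    return datetime.fromisoformat(text)

# Constructed sample data, not taken from a real capture.
SAMPLE_LIVE = {p.pid: p for p in [
    LiveProcess(4120, "chrome.exe", _ts("2024-05-01T08:00:00")),
    LiveProcess(7788, "notepad.exe", _ts("2024-05-01T11:30:00")),
    LiveProcess(9001, "svchost.exe", _ts("2024-05-01T07:00:00")),
]}
SAMPLE_PACKETS = [
    CapturedPacket(_ts("2024-05-01T09:15:00"), 4120, "chrome.exe"),
    CapturedPacket(_ts("2024-05-01T09:20:00"), 7788, "updater.exe"),
    CapturedPacket(_ts("2024-05-01T09:25:00"), 3344, "curl.exe"),
    CapturedPacket(_ts("2024-05-01T09:30:00"), 9001, "backup.exe"),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt.pid, pkt.process_name, "->", classify(pkt, SAMPLE_LIVE))
```

Only the "same-process" result supports attributing the packet to the process that is running now; every other result means the stored name and ID describe a process as it existed at capture time.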
All network data processing modules, such as parsing in Structure View or in Capture Filter, depend on the protocol definitions installed with Device Monitoring Studio.
These definitions are written using the Protocol Definition Language and are installed with a product in
Device Monitoring Studio also allows the user to customize these definitions by adding new protocols or modifying existing ones. However, the current version does not provide any utilities to help with this customization; the user needs to edit the supplied protocol definition files manually. This will be addressed in future versions.