Installing NETMON and NMAGENT on Win95

Chris: In answer to your question(s), in the order given:
1. This would be loaded from your WIN95 CD not the NT CD as that software is for the NT Server and Workstation. The install procedure is laid out below.
2. Everyhting you need initially should be on your WIN95 CD, however there are some updates you can download from the Microsoft site.
3. At the server, as an admin, yes you can view packets presuming that all 3.51 updates have been installed, however unless you add all of the dll's to the workstation, sign on as an admin and permit that station to have admin priviledges at the server, you will not be able to use that function. Even with all this having been done, the actual functionality is not nearly as good as it is with NT 4.0.
===================
When you install the Network Monitor agent, the protocol driver is also installed automatically. You must have both the agent and the driver installed if you want to use the agent with Network Monitor to conduct remote captures of network traffic to and from a computer running Windows 95.

However, if you want only to view the performance counters in System Monitor and you want to prevent anyone from accessing the local computer by way of the Network Monitor agent, you can choose to install only the protocol driver.
 
Note   The Network Monitor application uses NetBIOS to control the remote-capture computer. If you are using the IPX/SPX-compatible protocol to connect the agent and manager computers, you must enable NetBIOS support for IPX/SPX, as described in Chapter 12, Network Technical Discussion.
 
To install the Network Monitor agent on a single computer

 1. In the Network option in Control Panel, click Add.
 2. In the Select Network Component Type dialog box, double-click Service.
 3. In the Select Network Service dialog box, click the Have Disk button.
 4. In the Install From Disk dialog box, type the path to the ADMIN\NETTOOLS\NETMON directory on the Windows 95 compact disc, and then click OK.
 5. In the Select Network Service dialog box, click Microsoft Network Monitor Agent in the Models list, and then click OK.
 
To install only the Microsoft Network Monitor protocol driver
 1. In the Network option in Control Panel, click Add.
 2. In the Select Network Component Type dialog box, double-click Protocol.
 3. In the Select Network Protocol dialog box, click the Have Disk button.
 4. In the Install From Disk dialog box, type the path to the ADMIN\NETTOOLS\NETMON directory on the Windows 95 compact disk, and then click OK.
 5. In the Select Network Protocol dialog box, click Microsoft Network Monitor Driver in the Models list, and then click OK.
====================
The tools and agents that network administrators can use for system management are available from various installation sources. System management software can be installed during Setup or from Control Panel after Windows 95 is installed.
When you install Windows 95 from the installation floppy disks, System Policy Editor is installed automatically with the operational system files. This tool can be used to modify INI files, CONFIG.SYS, and AUTOEXEC.BAT. When you install Windows 95 from the compact disc, Setup installs Registry Editor, the utility used to modify the Registry. The following tools can be installed optionally from the Windows 95 installation disks (either floppy disks or compact disc):
· Disk Defragmenter, DriveSpace, ScanDisk, and Microsoft Backup, as described in Chapter 20, Disks and File Systems.
· Net Watcher, as described in Chapter 16, Remote Administration.
 
Some agents and tools are provided only on the Windows 95 compact disc (in the directories shown in the illustration), and not the Windows 95 floppy disks. This software can be installed directly from the compact disc, or the administrator can copy the software to the shared network directory that contains the Windows 95 source files. This software can be installed from custom setup scripts during Windows 95 installation, or by using Control Panel after Windows 95 is installed.

The following administrative tools can be installed from the Windows 95 compact disc by using the Network option in Control Panel:
·      Arcada® Backup Exec agent
·      Cheyenne® ARCserve agent
 
The following tools are available only in the ADMIN\APPTOOLS directory on the Windows 95 compact disc. You can run these tools directly from the compact disc or install them locally by using the Add/Remove Programs option in Control Panel:
· Password List Editor (in the PWLEDIT subdirectory), as described in Chapter 14, Security.
· System Policy Editor (in the POLEDIT subdirectory), as described in Chapter 15, User Profiles and System Policies.
 
The following agents and services are available only in the ADMIN\NETTOOLS directory on the Windows 95 compact disc. You can install them on a local computer by using the Network option in Control Panel.
· For remote administration:
· Microsoft Remote Registry service (in the REMOTREG subdirectory)
· Microsoft SNMP agent (in the SNMP subdirectory)
· Microsoft Network Monitor agent (in the NETMON subdirectory)
 
For information about including options from the ADMIN directory on the Windows 95 compact disc such as the Microsoft Network Monitor agent, SNMP, or SLIP when installing Windows 95 from a network source, see Chapter 5, Custom, Automated, and Push Installations.
==========================
 - Microsoft Windows NT operating system version 3.1
 - Microsoft Windows NT Advanced Server version 3.1
 - Microsoft Windows NT Workstation versions 3.5 and 3.51
 - Microsoft Windows NT Server versions 3.5 and 3.51
 - Microsoft SNA Server for Windows NT, versions 2.1 and 2.11
 - Microsoft LAN Manager to Windows NT Advanced Server Upgrade
 - Microsoft Systems Management Server version 1.0
 - Microsoft LAN Manager version 2.2c
 - Microsoft TCP/IP-32 for Windows for Workgroups versions 3.11, 3.11a, and 3.11b
 - Microsoft Windows for Workgroups version 3.11
 - Microsoft Internet Information Server version 1.0
-------------------------------------------------------------------------
The purpose of this article is to provide you with the information needed to capture network traffic from a local area network using Microsoft's Network Monitor.  The text of this article comes directly from the Network Monitor's Help file and should be referenced for more detailed instructions.
================
Overview
--------
Network Monitor is a network diagnostic tool that monitors local area networks and provides a graphical display of network statistics.  Network administrators can use these statistics to perform routine trouble-shooting tasks, such as locating a server that is down, or that is receiving a disproportionate number of work requests.  While collecting information from the network's data stream, Network Monitor displays the following types of information:
 - The source address of the computer that sent a frame onto the network.  (This address is a unique hexadecimal (or base-16) number that identifies that computer on the network.)
 - The destination address of the computer that received the frame.
 - The protocols used to send the frame.
 - The data, or a portion of the message being sent.
The process by which Network Monitor collects this information is called capturing. By default, Network Monitor gathers statistics on all the frames it detects on the network into a capture buffer, which is a reserved storage area in memory.  To capture statistics on only a specific subset of frames, you can single out these frames by designing a capture filter. When you have finished capturing information, you can design a display filter to specify how much of the information that you have captured will be displayed in Network Monitor's Frame Viewer window.
 
To use Network Monitor, your computer must have a network card that supports promiscuous mode. If you are using Network Monitor on a remote machine, the local workstation does not need a network adapter card that supports promiscuous mode, but the remote computer does.
 
To capture across networks, or to preserve local resources, use the Network Monitor Agent to capture information using a remote Windows NT computer.  When you capture remotely, the Network Monitor Agent gathers statistics from a remote computer, and then sends these statistics to your local computer, where they are displayed in a local Network Monitor
window.
 
Once data has been captured either locally or remotely, the data can be saved to a text or a capture file, and can be opened and examined at a later time.
 
NOTE: The core functionality of Network Monitor, described in Help, is supported by Microsoft Product Support Services. Network-dependent tasks, such as interpreting data that you capture from your network, are not supported.  The Network Monitor Agent is supported for Windows NT, but is unsupported on Windows 3.1 and Windows for Workgroups workstations.
 
Creating an Address List
------------------------
To use address pairs in a Capture filter, you should first build an
address database. Once this database is built, you can use the addresses listed in the database to specify address pairs in a capture filter.
 
To create an address list, follow these steps:
1.  From the Capture menu, select Start. Optionally, open a .cap file in the Frame Viewer window.
2.  When you have finished capturing, select Stop and View from the Capture menu to display the Frame Viewer window.
3.  From the Display menu, select Find All Names.  Network Monitor processes the frames, then adds them to the address database.
4.  Close the Frame Viewer window, and display the Capture window.
5.  From the Capture menu, select Filter to display the Capture filter dialog box.
6.  In the Capture Filter dialog box, double-click on the Address Pairs line. Or, choose Address in the Add groupbox.
 
Network Monitor displays the address database you've created. You can use the names in this database to specify address pairs in the Capture filter.
 
Capturing Data Between Two Computers
------------------------------------
To monitor traffic between two computers, follow these steps:
1.  From the Capture menu, choose Filter to display the Capture Filter dialog box.
2.  Double-click on the ANY<->ANY line to display the Address Expression dialog box.
3.  In the left window of the Address Expression dialog box, select the address of a computer.
4.  In the right window of the Address Expression dialog box, select the address of a computer. When you have done this, choose the Next button at the top of this window for more instructions.
5.  In the Direction window, of the dialog box, choose one of the
    symbols:
  - Choose the <--> symbol to monitor the traffic that passes in either direction between the addresses that you have selected.
  - Choose the --> symbol to monitor only the traffic that passes from the address selected in the left window to the address selected in the right window.
6.  Choose OK.
7.  In the Capture Filter dialog box, choose OK.
8.  From the Capture menu, choose Start.
 
Saving Captured Data
--------------------
Use the Save As command to save capture statistics to a capture file or to save changes to capture files that you have modified. Later, to view frames saved to file, you can open this file and display the statistics in Network Monitor's Frame Viewer window.
 
To save the captured frames to a capture file or text file
1.  Do one of the following:
    On the Toolbar, click the File Save button.
    Or, from the File menu, choose Save As.
 
2.  Do one the following:
 
  - To save the file to the current drive and directory, in the File Name box, specify a file name and an extension.  If you are saving a file that you have modified, you cannot save it under its original name in the same directory.
  - To save the file to a network share to which you are not connected, choose the Network button, and then use the Connect   Network Drive dialog box to establish the connection.
  - To save the file to a different drive or directory, do the following:
    In the Drives box, select a new drive.
    In the Directories box, select a new directory.
    Type the file name.
3.  To save only those frame statistics that meet the specifications of the current display filter, choose Filtered. This option is available only if you are saving data from the Frame
Viewer window.
4.  To save a particular range of frames, type the beginning and ending frame numbers in the From and To boxes.
5.  Choose OK.
NOTE: When a range of frames is saved to a capture file, the numbers associated with the frames are changed; in a capture file, frame numbers always begin with 1, regardless of the number associated with the original frame. Similarly, if you apply a display filter, and then save the filtered frames, the frame numbers in the capture file begin with 1. If, however, you use the Print to File option in the Print dialog box, the original frame numbers associated with the frames are preserved.

I hope this helps you! Post your results, and if you have a problem please post it an we will go deeper.

Best regards,
Dennis

Dennis, I hate to reject your response since you included so much information in it, but where on my Win95 CD is the Network Monitor _application_, NOT the agent/protocol driver?  I know agent/protocol driver are on my CD, but you need more than the driver to view the packets...  Maybe I just missed it on the CD, but I could swear that I looked all over it.  I also remember from DejaNews, that people have used the WinNT 4.0, 3.5.1 version on their Win95 boxes, since that was the only place to get it.

FYI, at my last employer, I used a version of Network Monitor (3.5.1) that allowed me to view all packets on the cable regardless of whether or not they were to me.  My machine was a Win95 box.

Now, if you can point me as to exactly where the Network Monitor Application is, I'll be very happy.  If it is on the Win95 CD, man, I need to have my eyes checked....

Thanks,

Chris

Don't take this personally, but I don't want to grade your answer yet because this is exactly what I did before (and yes, using the Windows 95 CD under /admin/nettools/netmon).  I really do appreciate your help though and will try again.  

I would _love_ to know what the heck was different about the version that I had received from a friend at my former employer a while back.  He said that he got it off of his NT 3.5.1 CD.  But now I am doubting that....  

Well, thanks for your help.  Will be grading your answer real soon!

Chris: If your cd doesn't have it, let me know and I'll zip all of the files and email them to you. If you need them from NT 3.51, your outta luck fella, we moved to 4.0 a while ago. I can take them from NT 4.0 for you if you want to play with those!

Best regards.
Dennis