montana4me

asked on

Analyze what is going through my ethernet connection at start up

When my notebook boots, it seems to take a long time. I've noticed the CPU use is pegged at 100% for quite a long time, and there seems to be a lot of activity on the Ethernet connection. I tried googling monitoring Ethernet traffic. It quickly became apparent to me that there are numerous programs to do this, but the wealth of information was overwhelming.

What simple-to-use, ideally free program can I use to monitor what is going through my Ethernet connection?

Windows XP 32bit, ThinkPad T61p, 2.4ghz C2D
Frabble

The LAN monitor of choice is Wireshark:
http://www.wireshark.org/

To monitor your machine during boot up, you'll need another machine to do the packet capture, connected to either a spanned switch port if your machine is connected to a switch, or insert a hub between your machine and its network port and monitor one of the other hub ports.
montana4me

ASKER

Frabble: I think I understand what you write above.

If I wanted to monitor what my machine is doing after boot-up, what would I use then? The 100% CPU load occurs after booting into XP for maybe a minute or two. CPU load then returns to 5 to 10%. Can I use a program on my own machine? Would it still be Wireshark?
It is possible to run Wireshark on your own machine but I would still use another machine.

There are two components to Wireshark, a packet capture driver and the analyzer itself. Normally the packet driver isn't loaded until the analyzer program is run, though it is possible to have the driver run as a service. Either way, you still need to run the analyzer part and select the interface to monitor and tell it to start. Trying to capture on your own machine at startup will involve some delay, especially with what you are experiencing, and may miss some traffic.
Best to have a monitor already running and capturing while your machine is starting up, which is why you need to mirror your machine's switch port traffic or use a hub.

You will then capture all the traffic involved after which you can save the trace and use the decoding/filtering features of Wireshark to look at the network activity.
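
Once the trace is saved as described above, one way to see which peers account for a machine's startup traffic (an added example, not part of the original thread). It assumes the capture was saved in classic pcap format rather than pcapng; the function names and the 192.168.1.x addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def summarize_pcap(data, host_ip):
    """Total bytes per (peer IP, protocol, peer port) for frames to or from host_ip."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, off = Counter(), 24              # records follow the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl, orig = struct.unpack(order + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                         # ARP, IPv6, VLAN-tagged or truncated
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if host_ip not in (src, dst):
            continue                         # another machine seen on the hub or mirror
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        first = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
        port = None                          # stays None for non-TCP/UDP or later fragments
        if proto in (6, 17) and first and len(frame) >= l4 + 4:
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            port = dport if src == host_ip else sport
        name = {6: "tcp", 17: "udp"}.get(proto, str(proto))
        totals[(dst if src == host_ip else src, name, port)] += orig
    return totals

def _frame(src, dst, proto, sport, dport, payload_len):
    """Constructed minimal Ethernet/IPv4 frame: ports plus zero padding only."""
    l4 = struct.pack("!HH", sport, dport) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def build_sample():
    """Constructed capture; every address and port here is a made-up example value."""
    pc, srv = "192.168.1.50", "192.168.1.2"
    frames = [_frame(pc, srv, 6, 1025, 445, 100), _frame(srv, pc, 6, 445, 1025, 1000),
              _frame(pc, srv, 17, 1026, 53, 30), _frame("192.168.1.60", srv, 6, 1030, 80, 500),
              bytes(12) + b"\x08\x06" + bytes(28)]          # last one is an ARP frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

Calling `summarize_pcap(build_sample(), "192.168.1.50").most_common()` lists the heaviest conversations first; for a real trace, pass the bytes of the saved file and the fixed IP of the machine being investigated.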
OK. All my machines operate in a domain controlled by an SBS 2003 server. Every machine is plugged into a 48-port switch. All machines have fixed IPs.

Can I install Wireshark on any machine in the domain and set it to watch what is coming and going through the Ethernet port of the machine that I have a concern over?
ASKER CERTIFIED SOLUTION
Frabble