Netmon does not use the packet.sys drivers. Instead it uses some other set of drivers or kernel functions. In the past, I was able to search MSDN for “Bloodhound” and get some information. “Bloodhound” is apparently the name of the company MS bought to get this capability. Whatever kernel support is used is apparently not documented.
Here’s a summary of the things I collected about NetMon usage.
1… NetMon Documentation
Most of the NetMon2.0 documentation is in the Platform SDK under “Network and Directory Services/Network Management/Network Monitor”. Other documentation can me found under “C:\SMSADMIN\netmon\i386\mcsui.chm” and “C:\SMSADMIN\netmon\i386\netmon2.chm” if the SMS version of NetMon was installed. Also “c:\Program Files\NetMon2SDK\netmon.chm” contains documentation if the NetMon 2 SDK was installed. “C:\SMSADMIN\netmon\i386\readme.htm” contains release notes.
2… NetMon Installation
To install the full-featured NetMon version, the Microsoft Systems Management Server CD must be used. For 2.0 SP 1 version of NetMon, run \Mnext\setup.exe.
(Alternately, install SMS: Use all of the default options, but set up a secondary site. You can make up a primary site name to get NetMon installed. (NetMon also installs on Windows 2000 via the same mechanism, if you ignore the warnings about not working on that OS.))
To run NetMon, make sure to run the version from SMS. There may be other shortcuts to the “lite” version that came with NT Server.
Q: “Is there a Network Monitor (NetMon) 2.0 SDK available?” A: "The NetMon 2.0 documents are in the Platform SDK, but it is missing the NetMon samples and build environment. If you need the NetMon build environment for the SMS Beta 3 Toolkit it is shipping in the Back Office Resource Kit 4.5 "
-DH
----- Original Message -----
From: “Barak Mandelovich”
To: “NT Developers Interest List”
Sent: Tuesday, November 06, 2001 7:33 AM
Subject: [ntdev] Re: MS Netmon and Packet.sys – supporting multi plat forms
> Hi !
>
> I know it’s an NDIS 3 protocols, but:
> 1. Why does it work on 2000 when I compile it on 2000, and doesn’t work
> when compiled on NT (and vice versa: it doesn’t work on NT when compiled
> on 2000).
>
> 2. How does Microsoft open the NIC in promiscuous mode?
> Don’t they do it using a driver?
> What kind of driver? Can I do the same?
>
>
> thanks,
>
> - Barak
>
> -------------------------------------------------
> Barak Mandelovich xxxxx@mercury.co.il
> Mercury Interactive ltd. 19 Shabazi St.
> -------------------------------------------------
>
>
>
> -----Original Message-----
> From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
> Sent: Tuesday, November 06, 2001 12:41 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: MS Netmon and Packet.sys – supporting multi platforms
>
>
> > (I didn’t try it on XP yet, but I believe it’ll work), while the
> packet.sys
> > must be compiled for different platforms ?
>
> Packet.sys is NDIS3 protocol - maybe the problem is there?
>
> Max
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@syssoftsol.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com