You must capture, inspect, and store TCP/IP packets to analyze a networking problem in a Microsoft environment. Which built-in utility is best suited for packet capture and deep inspection?

Difficulty: Easy

Correct Answer: Network Monitor

Explanation:


Introduction:
Troubleshooting TCP/IP problems often requires visibility into actual packets on the wire. Tools differ in purpose: some summarize counters, some manage services, and some capture frames for decode. This question asks you to pick the Microsoft utility historically designed to capture and analyze packets in detail.


Given Data / Assumptions:

  • Windows/Microsoft ecosystem context.
  • Goal is packet capture and storage, not just connection listings or counters.
  • Administrative access is available if required for capture.


Concept / Approach:
Network Monitor (NetMon) was Microsoft’s packet sniffer, capable of capturing frames, applying filters, and decoding numerous protocols. By contrast, NETSTAT lists active connections and ports; NBTSTAT displays NetBIOS name information; Performance Monitor tracks system and network counters; and the DHCP Management Console configures DHCP servers rather than inspecting packets. Therefore, for deep packet inspection and saving trace files, Network Monitor is the correct choice among the listed utilities.


Step-by-Step Solution:

  • Clarify requirement: capture and decode packets.
  • Map tool capabilities: only Network Monitor performs wire-level capture and protocol decode.
  • Eliminate utilities for stats/config (NETSTAT, NBTSTAT, PerfMon, DHCP MMC).
  • Select Network Monitor.


Verification / Alternative check:
Microsoft later offered Message Analyzer and today many admins use Wireshark; however, within the classic Microsoft tooling list here, Network Monitor is the packet capture tool designed for precisely this task.


Why Other Options Are Wrong:

  • NBTSTAT: NetBIOS name table/status, not capture.
  • Performance Monitor: counters and trends, no packet decode.
  • NETSTAT: shows sockets/ports and routing, not frames.
  • DHCP Management Console: server configuration, not packet analysis.


Common Pitfalls:
Assuming NETSTAT can capture traffic; confusing service management with wire-level analysis; overlooking permission requirements for capture on some NICs.


Final Answer:
Network Monitor.
