You installed Network Monitor on a dedicated Windows NT system (Monitor 2) to observe traffic from an application server. With only base OS on servers Monitor 1 and Monitor 2, what is the correct way to monitor the application server’s traffic remotely?

Difficulty: Medium

Install Network Monitor on Monitor 1
Install Network Monitor on Application Server
Configure the network monitor ECP port for TCP
Configure the network monitor EDP port for UDP
Configure Monitor 2 and the application server as monitoring partners to enable remote capture

Correct Answer: Configure Monitor 2 and the application server as monitoring partners to enable remote capture

Explanation:

Introduction / Context:
Microsoft Network Monitor can capture traffic locally or remotely. For remote capture on Windows NT/2000, you pair a capture station with the target by installing and configuring the Network Monitor agent on the target, then authorize the capture station. This question checks knowledge of the remote capture pairing rather than arbitrary port configuration or installing the full analyzer everywhere.

Given Data / Assumptions:

Monitor 2 already has Network Monitor installed.
The application server needs to be monitored; minimal additional software is acceptable.
Goal: capture traffic from the application server without turning it into a full analyzer console.

Concept / Approach:
On the application server, install the Network Monitor Agent component and configure it to allow remote captures from the authorized capture computer (Monitor 2). This creates a “monitoring partners” relationship—Monitor 2 can initiate and control captures on the application server through the agent. Arbitrary “ECP/EDP ports” are not relevant settings, and installing the full analyzer on another box (Monitor 1) does not help capture the application server unless that is where you run the agent or the analyzer locally.

Step-by-Step Solution:

Install Network Monitor Agent on the application server via Add/Remove Programs → Networking.On Monitor 2, connect to the remote agent and set capture permissions.Start a remote capture; reproduce workload; stop and analyze the trace on Monitor 2.Optionally set capture filters to focus on the app’s ports or hosts.

Verification / Alternative check:
Confirm packets are captured when traffic is generated, and that capture files reflect the application server’s interfaces. Validate that only authorized stations can request captures from the agent.

Why Other Options Are Wrong:

Install Network Monitor on Monitor 1: irrelevant to monitoring the target.
Install Network Monitor on the application server: full console not required; the agent suffices.
ECP/EDP port settings: not a real configuration for Network Monitor.

Common Pitfalls:
Forgetting to install the agent on the target; lacking permissions from the capture station; attempting to mirror switch ports without SPAN/RSPAN when needed on switched networks.

Final Answer:
Configure Monitor 2 and the application server as monitoring partners to enable remote capture.

Discussion & Comments

No comments yet. Be the first to comment!

You installed Network Monitor on a dedicated Windows NT system (Monitor 2) to observe traffic from an application server. With only base OS on servers Monitor 1 and Monitor 2, what is the correct way to monitor the application server’s traffic remotely?

More Questions from Windows 2000 Server

Discussion & Comments