Here are my favorite tools.
- MS netmon 3.4 – This is a great tool because it makes it so easy to view TCP sessions. Also it easy to filter and do long running captures.
- Wireshark – I typically use Wireshark for converting tcpdump files in to netmon format. It also good for identifying lower level errors – IP or ARP for example. And it has parsers for Oracle TNS so when working on Oracle DB problems load you capture file here for hints. Stumped, load your cap file here and netmon, they both bring value.
- MS Research TCP Analyzer – this tool is an add on to netmon and is great for viewing the flow control of a tcp session. Good for perf analysis and getting an understanding of flow rate, this is helpful for detecting if net congestion is detected and the sender is throttling or the app doesn’t have any data to send or the receiver can’t eat the data fast enough.
- MS TCP Analyzer – yes there are two tools from MS called TCP Analyzer, this one comes in the Windows SDK. This is a handy standalone, xcopy install, tool that uses the estat mib data in Vista8 and above. Its easy – no net capture required and you get all the tcp flow control info. Great for repeatable tests. This is where you start when you trying to copy a large file across the WAN and aren’t getting the throughput you expect.
- Netstat – yes the one built in to the OS. This is handy when the app guy calls and suspects he has a connectivity problem. No tool to install, app guys can run it, no admin priv required. I tell them to run this cmd – netstat -an 3 | findstr “SYN” , then try their connection. If they see the TCP SYN then its blocked and can’t move to established state. You also get to see the IP used in the connection, something not always obvious in a NAT and multi interface env.
- MS Resource Monitor aka resmon – The network tab is pretty handy and provides a lot of info. More that you can get with perfmon. Shows Process – TCP session – throughput. Plus you can us the Disk tab to see where the process is writing the data.