Over the weekend (between yard projects) I managed to download and do a little playing with Microsoft’s Network Monitor 3.0. While I prefer Wireshark, Microsoft’s price seems to be right for this product (free download here). While clean and efficient, I’ve found the fields a bit congested (always a problem when trying to display a lot of information – screen real estate becomes a premium).

Overall, this seems to be a good “quick-and-dirty” analyzer. I’ll have to dig into it a little further (like to try and find out what that “frame buffer manager” is), but filtering seems to be simple enough and it does a nice job of breaking out the packet information and you’re able to display individual packets in a separate window. I also like the multi-tabbed approach (something MS doesn’t always seem to do well) to displaying captures.

Pluses:

Check box selection of capture interfaces (including loopback)
Tabbed navigation
Plug-in compatible
Easy colorization filters
Clean and efficient overall appearance

Minuses:

As I mentioned, you can quickly become overwhelmed when looking at all that data and it doesn’t seem to have the greatest default layout
No automatic lookup of protocols (as in Wireshark)
Good program documentation, but it seems to be missing any protocol/traffic information of any kind
The first load is always a bit long, I has to load all the parsers into memory, subsequent loads are faster, however

Overall, a good addition to any network monitoring toolkit.