>There was a Microsoft tool I forgot the name of that was available even in Windows NT days, perhaps "netmon"?
Network Monitor, also called netmon (or Bloodhound internally), which actually had a documented (maybe unsupported IIRC, but still easy to tap into) API. I wrote a tcpdump wrapper around it, before Ethereal was a thing. The API, and hence netmon, became invalid with the "next-gen" TCP stack of Longhorn/Vista.
Eventually, MSNA (Microsoft Network Analyzer) came along, which worked on ETW and was able to analyze network and other ETW traces. You could write handlers for any protocol in a supported DSL. You could even make it parse log files and filter/analyze the data.
The New Microsoft being what they are, they killed MSNA because it was too powerful and useful to Windows developers. It probably wasn't used by a lot of people, but if you knew how to use it it was one of the most powerful analysis tools of its time.
Edit: Microsoft Message Analyzer, not Network Analyzer.
I believe it was Message Analyzer, and what was super cool was its ability to correlate ETW stuff. So you could literally see the interplay between... say... a webserver log, an OS level NIC driver log, and a network capture.
I still don't get why MS stopped its public distribution, although I do know it was pretty buggy as released...
And yeah, netmon is great. I still use it when I want to filter Windows captures on PID, since Wireshark won't do that. (Even though netsh or pktmon -- built-in Windows tools for recording captures -- have it in the header...)