How to run Microsoft Network Monitor in WinPE

Jul 31 2017

In this guide you learn how to run Microsoft Network Monitor in WinPE, for example for advanced debugging of OS deployment issues. This guide is based on the following KB article from Microsoft: https://support.microsoft.com/en-us/help/4034393/how-to-get-network-captures-from-a-task-sequence-in-windows-pe. I've added some clarifying steps, as well as PowerShell scripts to make the process easier (and automated).

To run Microsoft Network Monitor in WinPE you basically have to do three things:

  • Extract the Network Monitor files
  • Add the Network Monitor files, and driver, to WinPE
  • Start Network Monitor after WinPE has booted

Step 1 – Extract the Network Monitor files

To add Network Monitor to WinPE (x64 in this example), you need to download Network Monitor 3.4 from the link below, and then extract the installation files. In my example I downloaded Network Monitor to the C:\Setup\Microsoft Network Monitor 3.4 folder.

Microsoft Network Monitor 3.4 download link (select the NM34_x64.exe option): http://go.microsoft.com/fwlink/?linkid=103158&clcid=0x409

To extract the Network Monitor 3.4 installation files, use this PowerShell script:

# Set path and verify it exists
$NetmonFile = "C:\Setup\Microsoft Network Monitor 3.4\NM34_x64.exe"
If (!(Test-Path $NetmonFile)){ Write-Warning "Network Monitor setup file not found, aborting..."; Break }

# Get the netmon.msi file
Start-Process -FilePath $NetmonFile -Wait -ArgumentList "/T:C:\Windows\Temp /C"

# Extract netmon files from the netmon.msi file
Start-Process msiexec -Wait -ArgumentList "/A C:\Windows\Temp\netmon.msi /qb targetdir=C:\Windows\Temp\Netmon"

 

Figure: The extracted Network Monitor files.

Step 2 - Add the Network Monitor files, and driver, to WinPE

The next step is to copy the various Network Monitor files to WinPE, and also add the Network Monitor driver. Here is a PowerShell script that does that for you:

Note: Still working on getting the parsers to work in WinPE even though the Microsoft KB article claims they won't work :) Will update the post once I figure it out. In the meantime, simply capture the network in WinPE, save the result, and open it on a Windows machine with Network Monitor installed.

# Note:
# To service a newer version of WinPE than the OS you are servicing from,
# for example servicing WinPE v1703 from a Windows Server 2016 server, you need a newer DISM version.
# Solution: Simply install the latest ADK, and use DISM from that version

# If your Windows OS already has a newer version of DISM, uncomment the line below,
# and comment out the two lines under "Select DISM version to use"
# $DISMFile = 'dism.exe'

# Select DISM version to use
$DISMFile = 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe'
If (!(Test-Path $DISMFile)){ Write-Warning "DISM in Windows ADK not found, aborting..."; Break }

# Mount boot image
$Bootimage = "E:\Sources\OSD\Boot\Zero Touch WinPE 10 v1703 x64\winpe.wim"
$MountDir = "C:\Mount"
If (!(Test-Path $Bootimage)){ Write-Warning "Boot image not found, aborting..."; Break }
If (!(Test-Path $MountDir)){ Write-Warning "Mount directory not found, creating it..."; New-Item -Path $MountDir -ItemType Directory }
# Abort if the mount directory already contains anything (the warning alone would let the script continue)
If (Get-ChildItem -Force $MountDir) { Write-Warning "The $MountDir folder is not empty, aborting... Please cleanup manually"; Break }
Mount-WindowsImage -ImagePath $Bootimage -Index 1 -Path $MountDir

# Add netmon files
If (!(Test-Path "C:\Windows\Temp\Netmon\PFiles\Microsoft Network Monitor 3\netmon.exe")){ Write-Warning "Netmon files not found, aborting..."; Break }
Copy-Item "C:\Windows\Temp\Netmon\PFiles\Microsoft Network Monitor 3" "$MountDir\Microsoft Network Monitor 3" -Recurse

# Add netmon driver (and copy nm3.sys since netnm3.inf is missing Copyfiles instructions)
& $DISMFile /image:"$MountDir" /add-driver /Driver:"C:\Windows\Temp\Netmon\windir\inf\netnm3.inf"
Copy-Item "C:\Windows\Temp\Netmon\windir\System32\drivers\nm3.sys" "$MountDir\Windows\System32\Drivers"

# Save the changes to the boot image
Dismount-WindowsImage -Path $MountDir -Save

 

Step 3 - Start Network Monitor after WinPE has booted

The final step is to boot into WinPE, navigate to the X:\Microsoft Network Monitor 3 folder, and run the following commands:

nmconfig.exe /install

netmon.exe

Done! :)

 

Figure: Microsoft Network Monitor running in WinPE.

 

Figure: A saved trace in WinPE, opened on another machine with Network Monitor installed.
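Because steps 1 and 2 place a downloaded installer's binaries and a kernel driver into a boot image, the following added example (not part of the original post or the Microsoft KB article) reports the Authenticode signer and SHA256 hash of those files, then mounts the finished image read-only to confirm the driver and files are present. The paths reuse those from the scripts above; the "O=Microsoft Corporation" signer match and the location of nmconfig.exe in the extracted folder are assumptions.

```powershell
# Added example, not from the original post. Paths are the ones used in steps 1 and 2.
$Bootimage  = "E:\Sources\OSD\Boot\Zero Touch WinPE 10 v1703 x64\winpe.wim"
$MountDir   = "C:\Mount"    # must be empty, as in step 2
$ExtractDir = "C:\Windows\Temp\Netmon"
$NetmonDir  = "$ExtractDir\PFiles\Microsoft Network Monitor 3"

# 1. Report signer and SHA256 of everything that goes into the boot image
$Files = "C:\Setup\Microsoft Network Monitor 3.4\NM34_x64.exe",
         "$NetmonDir\netmon.exe", "$NetmonDir\nmconfig.exe",
         "$ExtractDir\windir\System32\drivers\nm3.sys"
$Report = ForEach ($File in $Files) {
    If (!(Test-Path $File)) { Write-Warning "Missing: $File"; Continue }
    $Sig = Get-AuthenticodeSignature -FilePath $File
    [PSCustomObject]@{
        File   = Split-Path $File -Leaf
        Status = $Sig.Status
        Signer = $Sig.SignerCertificate.Subject
        SHA256 = (Get-FileHash -Path $File -Algorithm SHA256).Hash
    }
}
$Report | Format-List

# Assumption: Microsoft-signed files carry "O=Microsoft Corporation" in the signer subject.
# A file signed only through a catalog that is not installed on this machine can
# report NotSigned; review those by hand instead of ignoring them.
$Suspect = $Report | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notlike '*O=Microsoft Corporation*' }
If ($Suspect) { Write-Warning "Review before using: $($Suspect.File -join ', ')" }

# 2. Mount the serviced image read-only and confirm the driver and files are present
Mount-WindowsImage -ImagePath $Bootimage -Index 1 -Path $MountDir -ReadOnly | Out-Null
Try {
    $Driver = Get-WindowsDriver -Path $MountDir | Where-Object { $_.OriginalFileName -like '*netnm3.inf' }
    If (!$Driver) { Write-Warning "netnm3.inf is not in the image driver store" }
    ForEach ($Item in "Windows\System32\Drivers\nm3.sys", "Microsoft Network Monitor 3\netmon.exe") {
        If (!(Test-Path "$MountDir\$Item")) { Write-Warning "Missing in image: $Item" }
    }
}
Finally {
    # Read-only mount: always discard so the boot image is left untouched
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
}
```

Keeping the reported SHA256 values alongside the boot image makes it possible to tell later whether a rebuilt image used the same Network Monitor binaries.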

 

Written by Johan Arwidmark








Happy deployment, and thanks for reading!


What our lawyers make us say:

This information is provided "AS IS" with no warranties, confers no rights and is not supported by the authors or Deployment Artist.

Copyright © 2017 by Deployment Artist (the company behind deployment research). All rights reserved. No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

Shorthand: Don't pass off our work as yours, it's not nice.
