What is Windows network monitoring?
Windows network monitoring is the branch of network monitoring that refers to monitoring a network that uses Microsoft Windows as the operating system on its devices. Commonly this means hosts and user terminals rather than network devices such as switches or routers, but the definition is not strict.
Network administrators use a variety of Windows network monitoring tools. These include specialized networking tools for Windows, built-in tools, and manual monitoring processes. The latter are usually based on network monitoring protocols that are available on Windows platforms, like WMI or SNMP. The specific approach is decided according to the needs of the organization and the available capabilities on the network.
Useful networking tools for Windows monitoring include network analyzers, network traffic monitors, and packet capture tools. Such software comes either as a standalone program or integrated into a larger network monitoring suite. We will discuss some of these Windows tools later on in this guide.
Network monitoring for Windows therefore encompasses a range of tools for specific purposes or larger suites that include their features and many more.
How to monitor networks on Windows hosts?
A Windows network monitor can mean a few different types of software. It may be one of the tools for network monitoring that come with Windows, usually installed locally and monitoring a single host and its network. It may be a third-party tool that focuses on monitoring a single host. Or it may be a fully-fledged network monitoring suite that includes Windows host monitoring capabilities, as is usually the case. These suites may also be used from the cloud, removing the need for a local installation.
The first type includes small utilities like the network traffic monitor for Windows 10 and other versions, or a network traffic analyzer. These do small, circumscribed tasks and are light on resources. Since they are already installed on Windows, they are often the first resource a network administrator turns to for troubleshooting an issue or to get a quick view of what is occurring on a specific Windows host. These Windows tools include the Resource and Performance Monitor, the Event Viewer and Microsoft Network Monitor. We consider them basic tools, as they have few features, are rather inflexible in how they operate, and lack advanced features like custom reporting, alerting and so on.
As soon as your needs go beyond manually checking a few Windows hosts, it is necessary to look into implementing a third-party tool or a complete network monitoring solution. These are multifaceted, with a vast selection of features that go well beyond network monitoring for Windows computers. Some are simpler, making them suitable for monitoring smaller networks and using just a part of the many network monitoring protocols in existence.
For enterprise networks, a larger suite, whether in the cloud or on premises, is optimal. Such software is able to monitor servers that are in different locations and forms, for example on a cloud service or in a VM, doing more than simply checking the status of a Windows host or a Windows network. Checkmk is one of these larger suites for Windows network monitoring, and much more besides.
Also worth mentioning is the possibility of setting up a Windows network monitor by using specific Windows monitoring protocols like WMI and the more recent MI. Albeit largely impractical for large tasks, developing an application that interfaces with Windows computers for narrow scopes is certainly an option. Microsoft offers good documentation to get started using WMI for monitoring and configuring Windows hosts. Then it is only a matter of time and human resources to develop a custom Windows network monitor or a simpler script to cover the needs of your infrastructure.
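As an added example of such a simpler script (not from the page or from Checkmk), the following PowerShell polls the per-adapter WMI performance counters on a list of Windows hosts through the CIM cmdlets, which are the MI-based interface to WMI and reach remote hosts over WS-Man (WinRM). The host list and the 80% utilization threshold are assumed placeholders.

```powershell
# Added example: a minimal WMI/CIM-based network monitor for several Windows hosts.
# Assumptions: WinRM is enabled on the targets and the caller has the rights to
# query them; host names and the threshold below are placeholders.
param(
    [string[]]$ComputerName = @('localhost'),   # assumption: replace with your hosts
    [int]$UtilizationThresholdPercent = 80       # assumption: flag adapters above this
)

$results = foreach ($computer in $ComputerName) {
    try {
        # Win32_PerfFormattedData_Tcpip_NetworkInterface exposes per-adapter
        # throughput counters already normalised to per-second values.
        $nics = Get-CimInstance -ComputerName $computer `
            -ClassName Win32_PerfFormattedData_Tcpip_NetworkInterface `
            -ErrorAction Stop
        foreach ($nic in $nics) {
            # Counters are in bytes/s; CurrentBandwidth is the link speed in bits/s.
            $pct = $null
            if ($nic.CurrentBandwidth -gt 0) {
                $pct = [math]::Round(($nic.BytesTotalPerSec * 8) / $nic.CurrentBandwidth * 100, 1)
            }
            [pscustomobject]@{
                Computer       = $computer
                Adapter        = $nic.Name
                BytesInPerSec  = $nic.BytesReceivedPerSec
                BytesOutPerSec = $nic.BytesSentPerSec
                InErrors       = $nic.PacketsReceivedErrors
                OutErrors      = $nic.PacketsOutboundErrors
                UtilPercent    = $pct
                Status         = if ($null -ne $pct -and $pct -gt $UtilizationThresholdPercent) { 'WARN' } else { 'OK' }
            }
        }
    } catch {
        # An unreachable or unauthorised host is reported as a row, not swallowed.
        [pscustomobject]@{
            Computer = $computer; Adapter = '-'; BytesInPerSec = $null; BytesOutPerSec = $null
            InErrors = $null; OutErrors = $null; UtilPercent = $null
            Status   = "UNREACHABLE: $($_.Exception.Message)"
        }
    }
}

$results | Format-Table -AutoSize
```

Run it from a scheduled task to get a periodic snapshot; anything beyond that (history, alerting, reporting) is exactly where a full suite earns its keep.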
Basic and advanced tools for network monitoring on Windows
There are a handful of Windows network monitoring tools that come pre-installed with Windows or are free to download from Microsoft. Listed from the simplest to the most complex, they are Resource and Performance Monitor, Event Viewer, and Windows Network Monitor.
The Resource and Performance Monitor is launched by running resmon. It is a useful tool for monitoring networks in small to medium-sized enterprises. It provides real-time performance data and allows you to monitor key metrics such as CPU, memory, disk, and network usage. It is not suitable for larger networks, however, as its scalability is limited by its design: it monitors a single local Windows host. Furthermore, it lacks advanced features like custom alerts and reports, commonly found in advanced networking tools for Windows monitoring. Still, it can help with troubleshooting and quickly diagnosing issues.
A more in-depth Windows tool is the Event Viewer. While lacking performance monitoring and metric visualization, it gives access to the event logs of Windows systems and lets you filter and search them at will. It is not exactly a proper Windows network monitor, but it can be helpful in monitoring Windows systems through manual searching and checking of all types of Windows events.
Specific to analyzing network traffic and devices is Windows Network Monitor. Also known as “NetMon”, it features a network analyzer and can work as a Windows packet capture tool. As a network monitoring tool for Windows, it is a useful addition to the array of possibilities network administrators have for analyzing Windows systems. It functions as a network traffic monitor on Windows 10 (but not only) and as a general network analyzer. It is no longer actively developed by Microsoft, though, which discourages its use for anything other than cursory monitoring.
Any of these tools can provide useful information to administrators, especially in smaller networks, but none of them is sufficient on its own for the needs of big infrastructures encompassing remote servers, cloud and virtual machines. Advanced tools for network monitoring on Windows go far beyond what the basic tools can do, and meet the more demanding requirements that are common in today’s computing landscape. They usually come at a price, unless you choose an open source version like Checkmk Raw, but a justified one for the plethora of features, advanced scalability, improved performance, and automation capabilities. Moreover, a network is rarely purely Windows, and these advanced monitoring tools support Linux and Unix-like systems as well, avoiding fragmentation. In all but the simplest networks, one of these tools is what is needed as a Windows network monitor.
The commercial Checkmk Editions are an answer to the needs of modern network monitoring and excellent Windows network monitoring solutions.
FAQ
Wireshark is a network protocol analyzer to capture and analyze network traffic and probably the best option for a simple, free open source tool for network monitoring for Windows. SNMP monitoring can be done on Windows via the open source Net-SNMP package. Ntop is a comprehensive solution for analyzing network traffic in real-time. And of course, Checkmk Raw is an open source option for monitoring on Windows (as a Docker container).
There are a few tools that can play the role of Windows packet capture software. Wireshark can be used for packet capture on Windows 10 and earlier (8 and Server 2012 onward). Microsoft had its Message Analyzer for the same purpose, but it has been deprecated since 2019 and is no longer actively maintained. The same applies to Microsoft Network Monitor. Tcpdump for Windows is a version of the popular packet capturing tool for Linux and Unix systems and can work as a replacement for these deprecated tools.