Wish you could get a network capture from a computer with no capture software installed? Wish you could have a network traffic “flight recorder” on a USB key? Here’s your answer!”
The motivation behind creating this tool was to provide an extremely simple way to get a trace from an end user. And the name says it all, though maybe a small bit of false advertisement as it may take a bit more than just one click :). Once you have it downloaded to your machine, you can launch the executable and it will lead you through some simple dialogs that install the tool and start a trace. Once the trace is complete, which means it was manually stopped by the user or the default time of 2 hours have passed, a window will be opened to the location for the capture, called OneClick.cap.
Two Versions for Two Scenarios
One Click Autorun: The main scenario is a customer who has network access and can simply click on the EXE from a share or get the tool locally using the internet. Running this version will install NM 3.1 on your machine (if you do not already have a previous version of NM 3) and begin capturing. The capture will terminate after 2 hours, or if you press the ‘x’ key on your keyboard. If you did not have NM3 on your machine previously, NM 3.1 will subsequently be uninstalled.
Extract Only: For this scenario, the user doesn’t have network access at all. This version is tailor made for use with a USB drive to be inserted into a problem machine. If you place the files on the root of a flash drive, One Click will run automatically when you insert the drive. You can also run One Click by double clicking the file “OneClick.cmd” in the destination folder. The resulting capture will be copied back onto the USB device.
Detailed Tour of a One Click Capture
First thing I should mention is if you are running on Vista and don’t have NM3.1 previously installed or you are not a member of the Netmon User’s group, then you will need to run the EXE with elevated rights. Just right click the EXE and select “Run as Administrator”.
When you launch the One Click tool, it will prompt you with a EULA dialog. Assuming you accept the terms, then click YES. Remember that we do install a driver for Vista in cases where NM3 is not already installed. Also one caveat here is that if NM3.0 is installed, we use that driver rather than installing a new one. The disadvantage here is that NM3.0 can’t do wireless monitor mode or RAS capturing.
Once you accept the EULA, a CMD prompt dialog with a red background and white text shows up. We leverage NMCap for this job which is a command line utility, hence the CMD window. The window contains instructions as to where the capture file will be put by default. If you want to change this location, you can type a new one now.
If you choose the default be pressing enter, the capture will be started. At this point typing X on the keyboard will stop the capture once you are done. If you don’t press the X key, the capture will complete after 2 hours.
When the capture completes, an explorer window will open to the location where the capture file was stored. This allows the user to simply send the file to you in email or upload it to a location where it can be accessed by the original requestor.
If multiple captures are taken with the tool, the current OneClick.cap file will be renamed and appended with an incrementing number on the end.
Obtaining the Tool
At this point we are beta testing the tool. So the only means of getting it is on the Network Monitor project on http://connect.microsoft.com. When you join the project, you will see both the Auto-run and Extract Only packages in the download section. Once we release the tool, we will make it available on the Microsoft Download site as this is more convenient, which is our goal for this tool.