I always install Netmon on my servers - just in case I need it - which I often do. Not from an operation perspective, but for debugging and analyzing stuff. The other day, I was debugging some Kerberos problems in combination with SAP and Active Directory - but Netmon was not able to decode the packages...
Luckily, I know another product which I often uses at my own PC – Ethereal. Download it and the required library winpcap from here. You only need winpcap if you want to capture packages – to analyze, only Ethereal is needed.
Netmon pros –
- Microsoft supported and security patched
- Part of OS
Ethereal pros –
- Live view of captured packages including live filtering
- Can read files saved by Netmon
- Can decode more protocols – like Kerberos
Give it a go – it is worthwhile.