Sniffing Your Windows Server Network

WireShark can be a handy tool, if you’re allowed to use it

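In my Server 2008 class this week, a student ran into a situation in which restarting a domain controller seemed to take forever. (Sound familiar?) It seemed ridiculous that the domain controller would need nearly 15 minutes for “preparing network connections” in a domain consisting of three computers. I got very curious to see what was actually happening under the hood.

Sometimes, when you’re trying to troubleshoot a network problem like this one, the event logs can be illuminating; but other times, they don’t take you far enough to understand what’s really happening under the hood. Also, in non-troubleshooting situations, you may occasionally be curious about the actual commands being sent back and forth across the network during a particular operation. Or you might want to know which systems are participating in a particular network “conversation.” In such cases, you may be interested in a free, multi-platform, multi-protocol “sniffer” called WireShark. (You may know it from its previous life, when it was called “Ethereal.”) It’s a tool that can capture network packets for analysis.

But before you read any further, I should make a Public Service Announcement: Some organizations will fire you immediately for using this tool, because it can pull sensitive information like passwords off the traffic stream. In some of my blog postings over the next couple of months, I’ll clue you in on some of WireShark’s features and capabilities. For now, I’ll just mention that it works with pretty much any version of Windows: I’ve run it on XP, Server 2008, Vista SP1, and even Windows 7. And it’s a piece of cake to install.

So for now, let me suggest that you find out if using this tool will get you in trouble at work. (Even if it does, maybe you can install it on a home network, assuming you don’t use your home network to connect to your workplace.) In a day or two, we’ll start discussing how you can start using WireShark to learn more about the “raw data” (as Anderson Cooper might say) flying around between those network interfaces.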


Copyright © 2009 Raybet2
