I wanted to take a minute to show you a quick way to use Network Monitor to perform sequential (also called circular) captures for troubleshooting. This is particularly useful when you can't dictate when the network communication you are looking for is going to happen. Other network traffic capture utilities have offered this method of troubleshooting through GUI configuration, but in Network Monitor it has been, and currently is, available only through the command-line options.
(NMCap is a tool that is installed when you install Network Monitor 3.x. It is a command-line tool that provides a great deal of functionality. As time goes by you will find more postings on other uses for this tool.)
As said before, the goal of this discussion is to describe how to collect a sequential trace. What I mean by that is that you set Netmon to create a trace that only grows so large… 200MB for example. Once the capture has grown to 200MB, Netmon closes the current file and creates a new one. That file in turn grows to 200MB, and then another file is created. This lets you go back and review the files and check whether their date/time stamps match the date/time when your possible problem may have occurred. Having this information helps because you can delete the trace files that you know do not meet your criteria. If you were to just start a trace and walk away, it could easily fill your hard drive or become so large that it is too much of a burden to open or parse in a timely fashion.
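The workflow described above, as an added PowerShell example that is not from the original post: the commented `nmcap` line starts a chained capture capped at 200MB per file, and the function flags which of the resulting files overlap an incident window. The directory, the `trace*.cap` file pattern and the timestamps are assumptions chosen for illustration.

```powershell
# Added example; directory, file pattern and incident window are placeholders.
# Start the chained capture in a separate console (stop it with Ctrl+C):
#   nmcap /network * /capture /file C:\Traces\trace.chn:200MB

function Get-CaptureForWindow {
    param(
        [Parameter(Mandatory)] [string]   $Directory,
        [Parameter(Mandatory)] [datetime] $IncidentStart,
        [Parameter(Mandatory)] [datetime] $IncidentEnd,
        [string] $Filter = 'trace*.cap'   # assumed naming of the chained files
    )

    # Files in a chain are written one after another, so sorting by last
    # write time gives capture order. Each file covers the span from when the
    # previous file was closed until its own last write.
    $files = Get-ChildItem -Path $Directory -Filter $Filter -File |
             Sort-Object LastWriteTime

    $previousEnd = $null
    foreach ($f in $files) {
        $start = if ($previousEnd) { $previousEnd } else { $f.CreationTime }
        $end   = $f.LastWriteTime
        $previousEnd = $end

        [pscustomobject]@{
            Path     = $f.FullName
            Start    = $start
            End      = $end
            SizeMB   = [math]::Round($f.Length / 1MB, 1)
            # Two intervals overlap when each starts before the other ends.
            Relevant = ($start -le $IncidentEnd) -and ($end -ge $IncidentStart)
        }
    }
}

# Constructed incident window for illustration.
$report = Get-CaptureForWindow -Directory 'C:\Traces' `
    -IncidentStart '2024-01-15 14:20' -IncidentEnd '2024-01-15 14:35'

$report | Format-Table -AutoSize

# Preview which files would be deleted; remove -WhatIf once the list is right.
$report | Where-Object { -not $_.Relevant } |
    ForEach-Object { Remove-Item -LiteralPath $_.Path -WhatIf }
```

The file NMCap is still writing cannot be deleted while the capture runs, and its last write time keeps moving, so treat the newest file as in progress.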
Read more: Microsoft Enterprise Networking Team