Windows Networking Monitoring

In-Depth Analysis of Windows File Access and Active Directory Logins

When a user accesses the Windows network, there are times when log-on is slow, performance is poor, or access is not allowed at all. AppQoS diagnoses Microsoft network performance problems and exposes the issues that can affect performance, making it easy to ascertain what is going on.

The AppQoS module for Windows captures:

  • Which servers were used to log on
  • The log on times
  • What files have been opened
  • How long it took to open the file
  • How many bytes were transferred
  • Who opened the file
  • How many times a particular file is requested
  • What the file type is, e.g. .docs, .exe, .PDF, etc.

The Tree Drill-Down navigation can quickly pin down background applications accessing file shares, including products such as Google Picasa or Sophos.

This AppQoS module also allows for housekeeping such as:

  • Re-organizing files that are frequently used
  • Understanding if a file server is under pressure and whether balancing the load by moving applications to another server will alleviate the problem.

Module Details

Standard Layer 3 (address and ports) monitoring can only tell the “when” and “where” of network traffic. In contrast, all the AppQoS modules scan for the protocol signature, not the port number. In short, they determine the “when”, “where”, “what” (and, in Windows networking, the “who”) of network traffic to provide a greater level of granularity.

All AppQoS modules are organised into a host view and an entity view at the top level. The entity type depends on the purpose of the module; for Windows Monitoring the entities are files. The host view is further split into client and server views.

The Windows Network Monitoring module displays:

  • Throughput view: No. of Packets/sec, No. of Packets/sec in Read, No. of Packets/sec in Write, File transfer rate in bps, and many others
  • File access in chronological order on individual host/server/in top view
  • List of file actions: rename, delete etc.
  • Distribution of bytes transferred based on application types (.doc, .exe)
  • List of user logons (Kerberos only) - when, where, who
  • Special category graph / tables:
    • Automatically categorises file access by application type
    • Quickly navigate down to specific file access detail
    • Background traffic, e.g. Google Picasa