What is Microsoft's nm3.sys (Netmon Lightweight Filter Driver) in the NDIS network stack?

I was analyzing a Windows 11 crash dump, and got the output for the ndiskd.netreport, and in the graphical network stack of output, I noticed nm3.sys NDIS filter driver right below the WFP Native MAC Layer LightWeight Filter. And oddly enough, this is a driver that has not got updated for a very long time (2010), and its description is NDIS 6.0 Monitoring driver, which is very vague.

So what's the point of this NDIS filter driver and why is it so low on the stack?

Solution

nm3.sys is not part of the OS; it is installed as part of Microsoft Network Monitor. It's a packet capture program. It still works, but it has been discontinued, so we recommend you replace it with Wireshark.

How to consume real-time ETW events from the Microsoft-Windows-NDIS-PacketCapture provider?
Drawbacks of using ETW for packet capture instead of an NDIS LWF or WFP driver?
WMI MSNdis_80211_BSSIList requires a survey
NDIS LWF questions
Suspending a NDIS LWF
Is WFP in Windows kernel implemented using a NDIS LWF driver?
What is Microsoft's nm3.sys (Netmon Lightweight Filter Driver) in the NDIS network stack?
NDIS 6 Filter Driver with cloned Net Buffer List running extremely slowly
DPC_WATCHDOG_VIOLATION (133/1) Potentially related to NdisFIndicateReceiveNetBufferLists?
Is it possible to change our NDIS LWF's altitude on the LWF stack?
DPC_WATCHDOG_VIOLATION BSOD with spilock waiting
IRQL_UNEXPECTED_VALUE BSOD after NdisFIndicateReceiveNetBufferLists?
HCK has 0 tests for our NDIS LWF? And HLK doesn't include NDIS Test 6.5 LWF Logo tests?
Checksum/CRC reverse engineering of Microsoft NDIS packet
Using netcfg to remove an NDIS LWF doesn't remove it from the driver store?
Attach NDIS LWF driver to a Virtual Network Adapter? (Kerio)
DDK doesn't recognize DNDIS630, but it does recognize DNDIS620? (Windows NDIS)
Copying the NetBufferListInfo array instead of calling NdisCopySendNetBufferListInfo?
NDIS LWF driver causing issues for WFP drivers in the network stack?
Send doesn't work properly in my NDIS modifying filter driver
Using NdisFIndicateReceiveNetBufferLists for every packet vs chaining them all together to receive?
Why WriteFile to NDIS send duplicate frames?
Error 87 in WriteFile function (NDIS) when using EtherType 0x88A4 (EtherCat)
How to enable 802.11 monitor mode (DOT11_OPERATION_MODE_NETWORK_MONITOR) in a NDIS 6 filter driver?
Windows Network Device Driver: Set link UP/DOWN from within the driver
Why does NdisFSendNetBufferLists only work when called from FilterSendNetBufferLists?
How programatically disable specific item in network connection properties?
Unable to use NDIS related functions from a Visual Studio's Empty WDM Driver template
How can I read the received packets with a NDIS filter driver?
Install NDIS filer driver unbinded