Message Analyzer
Microsoft. Published 2014-09-24, last updated 2015-01-27.

Introduction

Microsoft Message Analyzer is a tool for capturing, displaying, and analyzing protocol messaging traffic, events, and other system or application messages in troubleshooting and diagnostic scenarios. Message Analyzer also enables you to load, aggregate, and analyze data from log and saved trace files. It is the successor to Microsoft Network Monitor 3.4 and a key component of the Protocol Engineering Framework (PEF), which Microsoft created to improve protocol design, development, documentation, testing, and support.

With Message Analyzer, you can capture local and remote traffic live, or load archived message collections from multiple data sources simultaneously. Message Analyzer displays trace, log, and other message data in numerous data viewer formats, including a default tree-grid view, interactive tool windows, and selectable graphical views built from grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics. You can also configure your own custom Chart data viewers. In addition to being an effective tool for troubleshooting network issues and system messages, Message Analyzer enables you to test and verify protocol implementations.

Quick Links

- Get a free download and install Message Analyzer on your system.
- Get a quick overview of Message Analyzer features and navigate links to more information.
- Review options for participating in various Message Analyzer community venues.
- Build a customized manual from Message Analyzer Operating Guide topics.
Information Roadmap

The topics outlined in this section provide a map into the documentation contained in the Message Analyzer Operating Guide. Use this map to quickly navigate to the topics that show you how to get started with Message Analyzer, how to use its basic and more advanced features, and how to understand the underlying frameworks on which it is built. At a high level, the map breaks out into the three content spaces listed below, each of which contains quick links to topics of interest in that space:

- Message Analyzer Usage Tasks: review features and functions that you can use to perform various Message Analyzer operations.
- Message Analyzer Usage Procedures: run procedures to see Message Analyzer in action and quickly familiarize yourself with its capabilities.
- Message Analyzer Technology Concepts: review conceptual information to understand Message Analyzer features and the underlying technologies upon which they are built.

Message Analyzer Usage Tasks

In this Operating Guide, Message Analyzer guidance is presented in the form of usage tasks. Each task provides some conceptual background on the functions and features you will be working with, discusses how to use the associated UI features, and includes example procedures that walk you through various Message Analyzer usage contexts.
To proceed directly to the usage tasks presented in this Operating Guide, click a task link below, such as Capturing Message Data.

See the following topics to learn how to get started with Message Analyzer, including feature overviews, tutorials, startup options, and global option settings:

- Learn about Message Analyzer installation requirements, options, and other information, including upgrades from earlier Message Analyzer release versions, preserving user-created assets from prior installations, window docking layout changes, and security contexts.
- Review the main features of Message Analyzer and use the topic links to access more detailed feature descriptions.
- Run several simple procedures to quickly see Message Analyzer in action.
- Explore the main navigation features and high-level functions of the Message Analyzer user interface.
- Read a brief tutorial on Message Analyzer functions before you dive into the usage tasks and procedures. Also see the Protocol Engineering Framework (PEF) and Event Tracing for Windows (ETW) framework tutorials to understand the technologies upon which Message Analyzer is built.
- Review the methods you can use to start Message Analyzer, including the arguments and command switches that are available to launch Message Analyzer from the command line.
- Set global options such as default values and settings that can affect Message Analyzer performance, display configurations, and preview feature activations.

Review the following topics to learn how to configure, start, and edit a Live Trace Session; also examine various session scenarios that you can employ with multiple data sources, including local and multiple concurrent remote sessions. Discover how to start a session quickly with predefined Trace Scenario configurations, understand the message providers, create and save custom Live Trace Session configurations to run on demand, use decryption, and enhance capture configurations with filtering and ETW system providers:

- Familiarize yourself with the types of sessions you can configure and start with Message Analyzer; also review common steps that you can use to create a basic session.
- Learn how to reconfigure an existing session and apply the changes to existing data.
- Discover how to make use of the flexible session framework with multiple data source capability, which enables you to create Data Retrieval Sessions with multiple data loading configurations or Live Trace Sessions with multiple capture configurations for local and remote tracing.
- Review the functions and usage configurations of the built-in Message Analyzer Trace Scenarios in the network, device, system, and file sharing categories.
- Review conceptual background on the PEF providers that install with Message Analyzer, including information about Fast Filters and provider manifests.
- Specify a server certificate and password to enable decryption and analysis of TLS/SSL encrypted traffic. The certificate you import must carry the server's private key, and decryption from a server key of this kind works only for sessions that negotiated RSA key exchange; sessions that used ephemeral Diffie-Hellman (forward secrecy) cipher suites cannot be decrypted from the server key alone.
- Select and configure predefined Trace Scenarios, set predefined Parsing Levels, configure Fast Filters and Session Filters, configure system ETW providers, use advanced session configuration, select data viewers, and more.
- Learn how to configure a Live Trace Session to capture specifically targeted data by applying filtering and parsing levels.
- Learn how to capture traffic concurrently on multiple remote hosts, including traffic on virtual machines that are serviced by a Hyper-V switch, along with advanced packet filtering and other special filters.
- Design a custom capture configuration template, save it as a Trace Scenario, and run it on demand.

View the following topics to learn how to load input data from saved files, and how to filter input data and present it in a chosen viewer when loading messages through a Message Analyzer Data Retrieval Session:

- Learn about the Message Analyzer BSV (Browse, Select, View) infrastructure that enables you to browse for multiple data sources, filter or select specific data from those sources, and present results in a viewer of choice for data manipulation and analysis.
- Browse for and load saved trace data and logs into Message Analyzer.
- Learn how to configure a Data Retrieval Session and make use of features such as Truncated Parsing, Parsing Levels, Decryption, text log parsing, and more.
- Use a Session Filter and/or a Time Filter to select specific data that you want to load into Message Analyzer.
- Learn how to specify a data viewer that displays message data that you load from one or more data sources in a Data Retrieval Session.
- Learn how to enable parsing of Windows software trace preprocessor (WPP)-generated events in Message Analyzer.

Review the following topics to learn about the different data viewers that Message Analyzer provides, along with some of the capabilities that enable you to manipulate data views:

- Review background concepts about the Message Analyzer data viewing infrastructure to learn how data viewers work and interact.
- Learn about the data viewers that are available for analysis, including how to use the Analysis Grid viewer and the data manipulation components that are unique to it, such as Color Rules, View Layouts, data Grouping, Find filters, Go To Message searching, and so on.
  Also discover how to use Chart viewers that provide top-level protocol summary information, and learn about the Sequence Matching viewer, which detects message patterns across a set of trace results.
- Learn about a new viewer that organizes traffic into hierarchical summary groups based on view layouts that contain predefined message field groups, to quickly expose targeted information from large data sets.
- Find out how to open various data viewers from multiple locations.
- Learn about Message Analyzer data manipulation tools that are common to the Analysis Grid and other viewers, for example Time Shifts, View Filters, Quick Filters, Aliases, Unions, and Viewpoints.
- Understand how to use message-specific and session-specific tool windows that provide additional message details or configuration capabilities in Message Analyzer. Also learn about message annotations (Comments and Bookmarks), Diagnostics, Message Stack, Decryption, and other tool windows in this section.
- Review this topic to learn about advanced message selection and tracking capabilities that enhance the scope of message analysis.
- Find out how to enhance your data analysis perspectives by redocking interactive data viewers.

View the following topics to learn about selecting data from a Data Retrieval Session, applying filters to a Live Trace Session to isolate specific data, applying filters to trace results for analysis, using Color Rules to create conditional alerts in trace results, and understanding the Filtering Language:

- Apply a Session Filter to isolate specific data from a specified input file configuration.
- Apply a Fast Filter, Keyword filter, WFP Layer Set filter, Advanced Settings filter, or HTTP filter at the driver level to a Live Trace Session, or apply a predefined or custom Filter Expression as a Session Filter in the New Session dialog when configuring a Live Trace Session.
- Select a filter expression from a common Library of predefined filters and apply it as a View Filter to the results of a Live Trace Session.
- Understand the Filtering Language so you can create your own filter expressions.

Review the following topics to learn how to save session data, including selecting messages to save, specifying the save file format, and using session naming conventions:

- Read a quick overview of how to save your message data from a Data Retrieval Session or a Live Trace Session.
- Review the options that are available for saving message data.
- Review some naming strategies and other considerations for saving message data.

Get a quick overview of the Message Analyzer functions that are enabled for the PowerShell scripting environment, as described in the following:

- Read a synopsis of the action, trigger, and other cmdlets that are available to automate various Message Analyzer functions.
- Review an example PowerShell script that configures a message provider, adds a Trace Filter, and sets various triggers for starting, filtering, stopping, and saving a trace session.
- Find out how to get PowerShell v3, access and update cmdlet help, and view the cmdlet help for Message Analyzer.

Review the following topics to learn about the Message Analyzer Sharing Infrastructure, user Libraries, automatic updates, downloading asset collections, and creating user feeds for sharing assets with others:

- Learn about the Message Analyzer Sharing Infrastructure; the user Library item collections that enable you to manipulate how data is captured, viewed, and analyzed; and how to manage these user Libraries.
- Find out how to download user Library item collections and how to use the auto-sync feature to automatically receive user Library updates that are pushed out by a Microsoft web service.
- Learn how to auto-sync updates to OPN Parser packages and download them from the Microsoft web service.
- Create your own user feeds to which others may subscribe, for mutually sharing Message Analyzer assets such as Filters, Trace Scenarios, and Chart viewers with other team members.
- Learn how to share user Library item collections directly with other users by exporting and importing collections or items to and from a file share.

Review the following topics to discover how to create new chart-style data viewers, customized for your needs with various graphic visualizer components and data formulas, to extend Message Analyzer data viewing capabilities. Also learn how you can edit or customize any predefined Chart data viewer:

- Learn how to use the Message Analyzer Chart configuration features. Also learn how to export any of the predefined Charts, or any new Chart assets that you create, for sharing with others.
- Perform a procedure that creates an HTTP Content Type data viewer that you can run immediately, save it to the Charts Library, and thereafter edit as needed.

Message Analyzer Usage Procedures

If you want to proceed directly to usage procedures that demonstrate Message Analyzer features in the context of the usage tasks contained in this Operating Guide, click a link below:

- Display saved data with the Open feature; start a Live Trace Session; display data quickly from your favorite Trace Scenarios by using the Quick Trace feature on the Message Analyzer File menu; load saved data through a Data Retrieval Session; and deploy Chart viewers to display your data.
- Run a Local Network Interfaces trace that isolates data to a particular network adapter and IPv4 address; perform a Loopback and Unencrypted IPSEC trace with a high-performance, driver-level Fast Filter that is set to capture HTTP traffic on TCP port 80; run a Pre-Encryption for HTTPS trace with driver-level Hostname and Port filters to isolate client and server HTTP message exchanges; capture traffic with a Remote Network Interfaces trace on a virtual machine (VM) that is serviced by a Hyper-V switch on a remote Windows 8.1 or Windows Server 2012 R2 host; and design a custom Trace Scenario and run it on demand.
- Browse for data and create a message collection to load into Message Analyzer; apply a Session Filter to loaded input data to isolate specific messages that you want to work with; display saved trace data in different viewers; use the Recent Files feature to redisplay saved trace data and resume previous work; load data from multiple sources and save it as a single message collection; and apply a Time Filter to data being loaded into Message Analyzer.
- Learn how to apply gradient-style Color Rules or a predefined View Layout; execute Group commands to group data and streamline message analysis; use the graphic visualizer components of the Protocol Dashboard to analyze top-level summary data such as top bandwidth consumption and message activity within a specified time window; analyze data with the interactive features of the Protocol Dashboard and Analysis Grid viewers; apply Quick Filters and Viewpoints; configure friendly Aliases for field values; create Unions of two or more message fields; and drive the display of various message details through Analysis Grid viewer and tool window interactions.
- Create and apply filters to loaded, live, and trace results data to address and solve commonly encountered, real-world issues; and create Color Rules to serve as an alert when certain message types, states, or values are present in a displayed message set, for example TCP diagnostic information and SMB error status.
- Perform procedures that demonstrate how to manage user Library items and share them with others, or download and update Library item collections from the default Message Analyzer subscriber feed.
- Walk through a procedure that shows you how to create a working Chart that presents a visualization of HTTP content type volumes, to provide an indication of web server loads.
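The PowerShell scripting and filtering topics above describe how a trace session is built from a message provider, a Trace Filter written in the Filtering Language, and start/stop triggers. The script below is an added example and is not the Operating Guide's own sample script. It uses the PEF cmdlets that ship with Message Analyzer (New-PefTraceSession, Add-PefMessageProvider, Set-PefTraceFilter, New-PefTimeSpanTrigger, New-PefKeyDownTrigger, Stop-PefTraceSession, Start-PefTraceSession) with the provider name Microsoft-Pef-WFP-MessageProvider, which backs the firewall-layer Trace Scenarios. The output path, the 50 MB circular size, the two-minute timeout, and the filter expression `TCP.Port == 80` are assumptions chosen for this example; check parameter names against `Get-Help <cmdlet> -Full` on your installation before running it.

```powershell
# Added example (not from the Message Analyzer Operating Guide): automate a
# short, filtered Live Trace Session with the Message Analyzer PEF cmdlets.
# Assumptions: Message Analyzer is installed (the PEF module ships with it),
# this runs in an elevated PowerShell session (the capture driver requires it),
# and the folder C:\Traces already exists. Verify cmdlet parameter names with
# Get-Help <cmdlet> -Full on your system.

Import-Module PEF    # module name as installed by Message Analyzer (assumed)

$tracePath = 'C:\Traces\Http80.matu'   # assumed output location

# 1. Circular session of at most 50 MB; the file is written when the session stops.
$session = New-PefTraceSession -Mode Circular -Force -Path $tracePath -TotalSize 50 -SaveOnStop

# 2. Add the WFP (firewall-layer) message provider. This is the same driver-level
#    provider that the Loopback and Unencrypted IPSEC Trace Scenario relies on.
Add-PefMessageProvider -PEFSession $session -Provider 'Microsoft-Pef-WFP-MessageProvider'

# 3. Apply a Trace Filter in the Message Analyzer Filtering Language. Only HTTP on
#    TCP port 80 is kept. The same expression syntax is what you type into Session
#    Filters and View Filters in the UI, so filters developed there port directly.
Set-PefTraceFilter -PEFSession $session -Filter 'TCP.Port == 80'

# 4. Stop triggers: end after two minutes, or sooner if the operator presses Ctrl+C.
#    Triggers are registered before Start because Start blocks until a stop fires.
$timeout = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Minutes 2)
$ctrlC   = New-PefKeyDownTrigger -CtrlC
Stop-PefTraceSession -PEFSession $session -Trigger $timeout
Stop-PefTraceSession -PEFSession $session -Trigger $ctrlC

# 5. Start capturing. Because the session was created with -SaveOnStop, the .matu
#    file at $tracePath is written as soon as either stop trigger fires.
Start-PefTraceSession -PEFSession $session
```

Two operational points worth keeping in mind when scripting captures this way: the capture runs under the elevated account that launched the script, and the resulting .matu file holds the raw messages that matched the filter, including any credentials or session tokens carried in cleartext HTTP. Treat the output folder with the same access controls you would apply to a packet capture, and keep the Trace Filter as narrow as the investigation allows so the file does not collect more than you need.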
Message Analyzer Technology Concepts

If you want to expand your knowledge of the technologies upon which Message Analyzer is built, click the link below:

- Get an overview of Message Analyzer functions and technology concepts, and learn about the PEF architecture and ETW framework components that support them.