
PEF Providers

Message Analyzer can make use of many different message providers when capturing data. Certain providers are specifically designed by Microsoft to create inspection points into the network protocol stack so that you can focus on retrieving and analyzing messages at predefined levels. For example, you can use the Microsoft-PEF-WFP-MessageProvider to retrieve network traffic at and above the Transport layer while minimizing lower-level network noise, so that you can focus on troubleshooting TCP and application messages. You can also use the Microsoft-PEF-NDIS-PacketCapture provider to retrieve network traffic on the wire at the Data Link layer to obtain a full representation of all messages captured in a trace. In addition, you can use the Microsoft-PEF-WebProxy provider to capture unencrypted HTTP client browser traffic.

This section briefly describes the functions of the Microsoft Protocol Engineering Framework (PEF) providers that are native to Message Analyzer and that enable you to partition the capture of network traffic. The filters that you can configure for these providers are also described in these sections:

    PEF-NDIS-PacketCapture Provider

    PEF-WFP-MessageProvider

    PEF-WebProxy Provider

About Provider Manifests

Each Microsoft PEF provider has an ETW manifest that installs with Message Analyzer. A provider manifest is an XML file that specifies a formal description of the events a provider raises. It identifies the event provider, specifies the event types, and also describes the events.

A manifest can also associate its events with Keywords and Levels, which is a way to enable events and filter them as they are written for consumption:

  • Keywords — group events together that are logically related.

  • Level — indicates the severity or verbosity of an event, for example, critical, error, warning, or informational.

Tip: Keywords are different for many ETW providers. You might therefore consider consulting the community knowledge base for optimized configurations.

In addition, event consumers such as the PEF Runtime can make use of a manifest’s structured XML data to perform queries and analysis.
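The following Python code is an added example, not part of Message Analyzer or the original page. It reads a constructed manifest in the ETW instrumentation manifest schema and applies the Level and Keywords enable rule to show which events a session would receive. The provider name, GUID, keyword names, and event IDs are placeholders and do not describe any PEF provider.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events"}
# Standard ETW level names and numeric values (lower = more severe).
LEVELS = {"win:Critical": 1, "win:Error": 2, "win:Warning": 3,
          "win:Informational": 4, "win:Verbose": 5}

# Constructed manifest: provider, keyword and event values are placeholders.
MANIFEST = """<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">
 <instrumentation><events>
  <provider name="Example-Constructed-Provider" guid="{00000000-0000-0000-0000-000000000001}">
   <keywords>
    <keyword name="Tcp" mask="0x1"/>
    <keyword name="Http" mask="0x2"/>
   </keywords>
   <events>
    <event value="1" level="win:Informational" keywords="Tcp"/>
    <event value="2" level="win:Verbose" keywords="Tcp Http"/>
    <event value="3" level="win:Error" keywords="Http"/>
    <event value="4" level="win:Warning"/>
   </events>
  </provider>
 </events></instrumentation>
</instrumentationManifest>"""

def parse_manifest(xml_text):
    """Return (provider name, {keyword: mask}, [(event id, level, keyword bits)])."""
    provider = ET.fromstring(xml_text).find(".//e:provider", NS)
    masks = {k.get("name"): int(k.get("mask"), 16)
             for k in provider.findall("e:keywords/e:keyword", NS)}
    events = []
    for ev in provider.findall("e:events/e:event", NS):
        bits = 0
        for name in ev.get("keywords", "").split():
            bits |= masks[name]          # combine the masks of all listed keywords
        events.append((int(ev.get("value")), LEVELS[ev.get("level")], bits))
    return provider.get("name"), masks, events

def enabled_events(events, max_level, match_any):
    """ETW enable rule: the event level is at or below the session level (0 = all),
    and the event has no keyword, the session mask is 0, or the two share a bit."""
    return [eid for eid, level, bits in events
            if (max_level == 0 or level <= max_level)
            and (bits == 0 or match_any == 0 or bits & match_any)]

if __name__ == "__main__":
    name, masks, events = parse_manifest(MANIFEST)
    print(name, masks, enabled_events(events, LEVELS["win:Warning"], masks["Http"]))
```

Event 4 carries no keyword, so it passes every keyword mask and is limited only by level.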

Manifests for all PEF providers reside in the following location:

c:\Windows\System32\

See Also

Reference

Event Manifest

© 2014 Microsoft