Capturing Message Data

To help you get started quickly with capturing live data, Message Analyzer has a Quick Trace section on the Start Page where you can click a predefined Trace Scenario and immediately start capturing data. You can also locate predefined Trace Scenarios in the Trace Session configuration interface. These Trace Scenarios encapsulate predefined provider capture configurations that enable you to capture specific data in a Trace Session. To start a Trace Session from the Trace Session configuration interface, select a Trace Scenario containing the provider or providers that capture data for a particular stack level, application, or system component, and then start capturing data with a single click.

When configuring a Trace Session, your initial approach to capturing data should be to use one of the default Trace Scenarios as the data provider. To further enhance and optimize a default Trace Scenario configuration, you can add a PEF provider Fast Filter, a Trace Filter, or advanced filtering configurations, and, if the Trace Scenario uses a system ETW provider, you can configure system ETW provider filters for your Trace Session. Each of these selects specific data from the capture, as described in Creating and Modifying Trace Sessions.

However, only if this approach fails to isolate the data you wish to capture should you customize a new Trace Session with one or more system ETW providers that are installed and registered on your machine. For example, you might end up capturing so much data with an unmodified scenario that you drop packets, in which case you might consider customizing your provider configuration. If you elect to customize, Message Analyzer enables you to select specific data to capture by providing facilities to modify the provider configuration, as described in System ETW Provider Configuration Settings. To successfully create a functional tracing configuration, you should be familiar with the workings of such providers before you employ them; however, you are free to experiment to see what results you obtain. For this reason, adding system ETW providers to a Trace Session is recommended for advanced Message Analyzer users. However, Message Analyzer ships with several default Trace Scenarios that contain system ETW providers, and these can serve as usage examples for new users. System ETW providers are accessible from a searchable provider library in the Trace Session configuration interface.

If you want to specify one or more system ETW providers in your Trace Session configuration, refer to Adding a System ETW Provider.

In this section, you will learn about the following:

  • Utilizing the Message Analyzer built-in Trace Scenarios to capture data.

  • Applying various filters to live traces.

  • Using the features of PEF and system ETW providers.

  • Configuring and running Trace Sessions.

  • Specifying advanced provider configuration settings.

  • Managing Trace Scenarios.

Example procedures that demonstrate these Message Analyzer capabilities are also included.

In This Section

Default Trace Scenarios

PEF Providers

Creating and Modifying Trace Sessions

Developing and Managing Trace Scenarios

Obtaining Provider Manifests

Go To Procedures

To proceed directly to procedures that demonstrate the network tracing features described in this section, see Using the Network Tracing Features.