
Message Analyzer Feature Summary

Microsoft Message Analyzer contains a broad and versatile range of features that build upon and exceed those of its predecessor, Microsoft Network Monitor. These features are designed to improve usability and to expand your capabilities when loading, capturing, analyzing, and troubleshooting message data with Message Analyzer. The following is a summary of these features:

  • General Capabilities — includes features for getting started quickly:

    • New Session — click this item in the File menu and then select the Blank Session submenu item to open the New Session dialog, from where you can choose a source from which to acquire data; for example a Live Trace or saved Files. To begin the configuration for a new session, choose one of the following data source options to specify the type of input message data you want to acquire:

      • Live Trace — in the New Session dialog, click the Live Trace button to open the dialog with a new Live Trace tab selected, from where you can specify one or more target computers on which to capture data; select a predefined Trace Scenario from the scenario Library; and configure various provider settings and filters to customize your trace configuration before starting the live trace. The New Session dialog also enables you to specify global session settings such as a Session Filter, Start With data viewer selection, and Parsing Level.

        You also have the capability to run multiple concurrent Live Trace Sessions with different message providers on different target computers by adding one or more Live Trace data sources and specifying the hosts from which to capture the data. You can also use a single session with a specified message provider to collect data from multiple specified host machines.

        For more information about starting a new session, see Starting a Message Analyzer Session.

        Note  If you intend to capture messages that are encrypted with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security protocols, for example, HTTPS and Remote Desktop Protocol (RDP) messages, you have the option to enable any Live Trace Session for Decryption so that you can view the decrypted data along with decryption session statistics. For more information, see Using the Decryption Feature.

      • Files — in the New Session dialog, click the Files button to open the dialog with a new Files tab selected, from where you can configure a Data Retrieval Session to acquire data that exists in one or more saved files. You can also select specific data to retrieve from such sources by using filters; for example, a Time Filter and/or Session Filter.

        A Truncated Parsing checkbox is also included in the Files tab configuration to indicate when truncated messages exist in files from which you are retrieving data, at which time Message Analyzer switches to a pared-down truncation parser set. You have the option to unselect this checkbox or to select it manually if Message Analyzer did not automatically detect truncated messages.

        For more information about starting a new session, see Starting a Message Analyzer Session.

        Note  If you are retrieving messages that are encrypted with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security protocols, for example, HTTPS and Remote Desktop Protocol (RDP) messages, you have the option to enable the Data Retrieval Session for Decryption so that you can view the decrypted data along with decryption session statistics. For more information, see Using the Decryption Feature.

        In addition, the Files tab configuration provides you with the capability to retrieve data from textual log files and to select from a list of configuration files that support log file parsing. The Truncated Parsing, Decryption, and text log parsing features are described in Configuring a Data Retrieval Session.

    • Quick Open — click this item in the File menu to launch Windows Explorer and locate data from a saved file, such as a trace or log, and immediately load it into the Message Analyzer default Analysis Grid viewer.

    • Quick Trace — click this item in the File menu to quickly start a Live Trace session with a single click on a Trace Scenario in the list.

    • Edit Session — click this item in the File menu to open the Edit Session dialog for the currently selected session. This provides the same result as clicking the Configuration button in the Session group on the Ribbon of the Message Analyzer Home tab while a session tab is selected. You can then edit session settings and click Apply to modify the trace results.

    • Save As — click this item in the File menu to display the Save/Export Session dialog to specify a save configuration for loaded or captured trace data that you have manipulated and analyzed.

    • Start Page — review news items and navigate through the Message Analyzer Operating Guide information road map from the News and Guidance tabs, respectively. Also, access the Sharing Infrastructure from the Downloads and Settings tabs to download user Library item collections and OPN parser packages, or to set these collections and packages to automatically synchronize to updates that are periodically pushed out by a Microsoft web service.

    • Options — click this item in the File menu to open the Options dialog, which displays the following configuration tabs:

      • General — enables you to specify various default global settings for Message Analyzer, as follows:

        • Time Display — provides settings that enable you to specify the time format used by Message Analyzer.

        • Live Trace Message Buffer — provides settings that determine the rate at which packets are dropped when exceeding the ETW buffer limit.

        • Session Viewer — provides a drop-down menu that enables you to select the default data viewer for the display of all live trace and saved session data.

        • Text Log Files — provides a drop-down menu that enables you to select a predefined default or custom configuration file for parsing text logs.

      • Decryption — provides the controls that allow you to import and select server certificates and to specify passwords that are required to enable Message Analyzer to decrypt traffic that is encrypted with the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security protocols.

      • Features — provides for selection of preview features and Tool Windows that you want to enable in Message Analyzer.

    • About — provides release information along with Online Community links, which include links to the Guidance in this Operating Guide, the Message Analyzer Team Blog, and the Message Analyzer Online Forum.


  • Home tab — the primary analysis surface for Message Analyzer includes a Ribbon that contains the following features:

    • Edit — open the Edit Session dialog to reconfigure an existing Data Retrieval Session or Live Trace Session and apply your changes by clicking the Apply button in the dialog.

    • Shift Time — specify time shifts that enable you to adjust the timestamps in a message set, for example to compensate for machine skew or time-zone changes across multiple data sources.

    • New Viewer — specify additional data viewer configurations against a set of trace results or loaded data for diagnostic and analysis purposes. For example, you might select the Protocol Dashboard or Top Talkers data viewers.

    • View Filter — select or create filters that apply specified filtering criteria to trace results to narrow the focus to messages with specific properties or values. Also, quickly create a View Filter by selecting an Analysis Grid context menu item.

    • Quick Filter — configure a window of time in which to view and assess trace results and remove the filter to restore your original data as required.

    • Aliases — configure and manage Alias names that substitute for cryptic or otherwise unfriendly field values that display in the Message Analyzer Analysis Grid viewer, for example an IPv4 address or a TCP port, for ease of analysis.

    • Unions — configure and manage Unions of two or more fields that have identical values but different names in different data sources. Enables the correlation of field values from such sources with a single field name in Message Analyzer, for ease of analysis.

    • Viewpoints — specify predefined viewpoints so you can view data from the perspective of a protocol, in addition to hiding operations in the current view and resetting the default viewpoint.

    • Tool Windows — utilize interactive tool windows that respond to message selection or session selection to provide additional message details. The tool windows that are available consist of the following:

      • Session Explorer Tool Window — monitor operational status and session statistics, and observe real-time progress indicators when loading, capturing, filtering, sorting, finding, grouping data, and applying sequence matching; navigate among different data viewers in various sessions; and select new data viewers from a context menu.

      • Message Details Tool Window — view field names and values for any message that you select in the Analysis Grid.

      • Message Data Tool Window — highlight hexadecimal values for any field that you select in the Details tool window or Analysis Grid, including payloads.

      • Field Data Tool Window — display the value of any field that you select in the Details tool window.

      • View Filter — display this tool window to specify a predefined View Filter or create a new Filter Expression.

      • Bookmarks Tool Window — mark one or more messages of interest, which includes adding links, attachments, and different colored flags.

      • Comments Tool Window — quickly add basic comments to one or more messages.

      • Diagnostics Tool Window — currently a preview feature that summarizes diagnosis errors and enables you to easily jump to a corresponding diagnosis message in the Analysis Grid viewer. You can also filter Diagnostics tool window columns to isolate specific column data.

      • Message Stack Tool Window — display the message stack for any selected message row in the Analysis Grid viewer.

      • Decryption Tool Window — display statistics, summary, and analysis information for a decryption session.

      • Selection Tool Window — maintain the context of multiple message selection in the Analysis Grid viewer in a separate space that is independent of the grid selection, to facilitate ease of analysis.

      • Column Chooser Tool Window — add selected columns to the default Analysis Grid column configuration to expand the scope of data presentation and further enhance data examination and troubleshooting.

      • Output — display this tool window to monitor the Message Analyzer log file output for errors when loading modules.

    • Color Rules — apply (or configure) Color Rules that serve as alerts, warnings, or troubleshooting cues for a set of trace results.

    • Sequence Expressions — apply predefined Sequence Expressions to discover pattern matches across messages within a set of trace results, or develop and save your own Sequence Expressions based on traffic you have captured.

    • View Layouts — apply View Layouts to configure the Analysis Grid with data-column configurations that serve as troubleshooting templates in user-defined or predefined areas such as TCP and HTTP diagnosis.

    • Find Messages — use the Find feature to locate individual messages that meet the criteria of a predefined or user-developed View Filter.


  • Charts tab — create, edit, save, and share Chart viewers that can contain custom-configured pie, bar, timeline, and grid chart components, similar to the built-in Protocol Dashboard viewer. Use the centralized Field Chooser to specify message fields for your Chart; you can also create data manipulation formulas for diverse data display configurations that will empower visual analysis capabilities. Also supports Unions and union sets.


  • Sharing Infrastructure — utilize the Message Analyzer Sharing Infrastructure to download default user Library collection items for manipulating and viewing data; and download OPN packages for parsing retrieved messages. Configure synchronization for automatic updates to these collections and packages that are periodically pushed out by a Microsoft web service to the default Message Analyzer subscriber feed on the Start Page. Because user Libraries are integrated with the Sharing Infrastructure, you can import, export, and share these items with others, including any that you create or modify. Library item types include Trace Scenarios, Filters, Viewpoints, Color Rules, View Layouts, Charts, Sequence Expressions, and so on. To enable sharing these Library items, you can configure your own user feeds or post items to a user file share. You can also manage all user Library types with the common and centralized management dialog.


  • Other Capabilities — other prominent capabilities include the following:

    • Capture Remote Hyper-V-Switch Traffic — capture traffic from one or more virtual machines (VMs) that are serviced by a Hyper-V Switch on a remote Windows 8.1 or Windows Server 2012 R2 host, or on the local computer. Includes specifying packet traversal paths on the switch extension layers and on the NDIS driver filter stack, along with other special filters such as packet Truncation, EtherType, and IP Protocol Number filters, by using the Advanced Settings - Microsoft-Windows-NDIS PacketCapture dialog.

    • Process MOF-Generated Events — fully parse messages that are captured by Message Analyzer from MOF-instrumented providers. Message Analyzer supports registered event providers on your system that use the MOF schema as the basis of generating their events.

    • Process WPP-Generated Events — parse and display Windows software trace preprocessor (WPP)-generated events. Because such events make use of the ETW framework, Message Analyzer can capture them live or load them from a saved event trace log (ETL) file. To enable parsing of WPP-generated events, users must provide supplementary information that defines the WPP event structure.

    • PEF-WFP Fast Filters — specify Fast Filters for the Microsoft-PEF-WFP-MessageProvider in a Loopback and Unencrypted IPSEC trace.

    • PEF-NDIS Fast Filters — configure logically chained Fast Filter groups that you assign to host adapters by using the Advanced Settings - Microsoft-PEF-NDIS PacketCapture dialog in a Local Network Interfaces trace on Windows 8 and earlier hosts.

    • Filtering Language — discover how to write your own Filter Expressions for filtering data that is loaded into Message Analyzer, captured live, or analyzed after trace results are complete.

    • ResponseTime — add this Global Annotation entity from the Column Chooser as a data column in the Analysis Grid viewer. Enables you to measure the time interval between a request operation to a server and the first server response, to provide a context for assessing server performance.

    • Definitions — display OPN definitions for capture modules or message fields from the Analysis Grid viewer or Details tool window context menu, respectively.

Feedback
If you would like to share your experiences of using Message Analyzer with Microsoft, there are several options you can select from. To begin, click the Feedback drop-down list that is located in the upper right corner of the Message Analyzer UI and select from the following options:

  • Send a Smile — tell us what you liked.

  • Send a Frown — tell us what we can do better.

  • Report a Bug — provide us with details about problems that you encountered.

  • Suggest a Feature — make suggestions that you think would improve your experiences with Message Analyzer.

Important for Network Monitor Users  Message Analyzer dramatically extends the network traffic diagnostics and analysis capabilities of Network Monitor. However, some Network Monitor features, such as process name correlation and WiFi tracing, are not yet fully implemented in Message Analyzer. For a high-level comparison of several Message Analyzer and Network Monitor features and why new approaches have been taken for capturing, displaying, and analyzing message traffic, see the Blog article Message Analyzer: Why so different from Network Monitor?.

© 2014 Microsoft