
Technology Overview

This section contains a brief and high-level technology overview that describes the Message Analyzer functions that are accessible from the user interface (UI) through its main navigation features, so that you can quickly get started with using them. This section shows how to access these functions and features, and provides a high-level description of their purpose. Familiarizing yourself with the UI features will help you navigate through Message Analyzer and perform tasks such as opening a Live Trace Session or a Data Retrieval Session, specifying a data viewer for session results, saving trace data, setting global trace options, quickly retrieving saved message collections, and configuring new Chart-style data viewers with graphic visualizer components.

Accessing Message Analyzer Features and Functions

The Message Analyzer UI contains three primary navigation features that enable you to locate the functionality you need to load, capture, display, and analyze data. These navigation features consist of the File menu, Home tab, and Charts tab. The File menu contains items and submenus that provide you with access to high-level Message Analyzer functions; the Home tab exposes the analysis surface from where you can work with various data viewers, filters, tool windows, and other analysis features such as Viewpoints; and the Charts tab enables you to create, edit, save, and manage predefined and custom Chart data viewers.

The sections that follow describe the features and functions that are available from the File menu, Home tab, and Charts tab.

File Menu

The File menu is the entry point into Message Analyzer functionality, since it is the place where you start navigating the UI and using its features. The File menu has a look and feel that is similar to the File tab that displays in Microsoft Office products. The File menu contains the following items that provide access to various Message Analyzer high-level features and functions:

  • New Session — from the File menu, you can click the New Session item and then select the Blank Session submenu item to display the New Session dialog, in which you can choose a data source from which to acquire data, as described in Starting a Message Analyzer Session. Thereafter, a configuration tab displays in the New Session dialog that enables you to specify settings for the type of session that you chose. For example, if you click the Live Trace button, you are presented with Live Trace configuration settings for a Live Trace Session; whereas, if you click the Files button, you are presented with Files configuration settings for a Data Retrieval Session.

    You can go directly to the Live Trace or Files configuration tabs of the New Session dialog by selecting the Live Trace or Files item, respectively, in the New Session submenu. In addition, you can select the From Current Session item if you want to open the New Session dialog with configuration values populated from an existing session tab that is currently selected.

    Also, when you click the File menu, a Recent files list displays that contains a number of recently saved files, any of which you can quickly open with a single click, as described in Quickly Loading Data.

    Tip  You can also open the New Session dialog by clicking the Create a New Trace Session icon in the upper left corner of the Message Analyzer UI.

    Live Trace Configuration
    When configuring a Live Trace Session, you can specify the following:

    • The session Name and description.

    • The Target Computers from which to collect live message data. Use the default local host, and/or specify additional host names and connection credentials for one or more remote computers on which you want to capture message data, as described in Specifying Remote Host Connection Data.

      Note  You also have the capability to run multiple concurrent Live Trace Sessions with different message providers on different target computers by adding one or more Live Trace data sources and specifying the hosts from which to capture the data. You can also use a single session with a specified message provider to collect data from multiple specified host machines.

    • A predefined Trace Scenario that serves as a message provider that captures specific types of messages, and in certain cases, captures messages at predefined stack levels. See Configuring a Live Trace Session for more information.

    • System ETW Providers (Windows components that have been instrumented as Event Tracing for Windows, or ETW, event providers) that you want to include in the trace configuration in order to capture specific types of events.

    • Driver-level filters that narrow what is captured: Fast Filters to focus on specific data; NDIS stack, Hyper-V-Switch extension layer, packet traversal path, EtherType, IP Protocol Number, and other filters when targeting host adapter and VM traffic, as described in Capturing Data Remotely; and Keyword event and Level filters for ETW providers, to refine the scope of message retrieval.

    • Settings in the Advanced Configuration dialog to control certain aspects of the underlying ETW session for the current Trace Session, as described in Specifying Advanced Session Configuration Settings.

    • A predefined or customized Session Filter that limits the scope of message capture.

    • A data viewer to contain the results of the Live Trace Session.

    • A Parsing Level scenario that retrieves specific messages in the stack, for a more focused analysis perspective and improved performance.

    Data Retrieval Configuration
    When configuring a Data Retrieval Session, you can specify the following:

    • The session Name and description.

    • Saved trace files and logs that contain the data you want to retrieve.

    • Automatic detection or manual enforcement of the Truncated Parsing mode when loading data from input files that contain truncated messages, such as .cap, .pcap, .pcapng, and .etl traces, as described in Configuring a Data Retrieval Session.

    • A Text Log Configuration file for parsing textual logs from which you are acquiring data.

    • A Time Filter that enables you to specify a window of time in which to view message data.

    • A Session Filter, Parsing Level scenario, and data viewer selection, as indicated earlier.

  • Quick Open — a File menu item that enables you to display the Open dialog in which you can navigate to saved trace and log files. After you select a file and click Open in the dialog, the data immediately displays in the Message Analyzer default Analysis Grid viewer on the Home tab, as described in Quickly Loading Data.

  • Quick Trace — a File menu item that enables you to quickly start a Live Trace Session with a single click on a predefined Trace Scenario such as the following:

    • Local Network Interfaces — uses the Microsoft-Windows-NDIS-PacketCapture provider to capture data at the Link Layer and above.

    • Loopback and Unencrypted IPSEC — uses the Microsoft-Pef-WFP-MessageProvider to capture data at the Transport Layer and above.

    • Unencrypted HTTPS — uses the Microsoft-Pef-WebProxy provider to capture HTTP/S messages at the Application Layer, including any higher level application messages.

    You can also use any Trace Scenario that you have tagged as a Favorite.

  • Edit Session — a File menu item that enables you to open the Edit Session dialog for the currently selected session. This provides the same result as clicking the Edit button in the Session group on the Ribbon of the Message Analyzer Home tab while a session tab is selected. You can then edit session settings and click Apply to modify the trace results.

  • Close — a File menu item that enables you to close the currently selected Session viewer tab on the Message Analyzer Home tab.

    Note  If you have more than one data viewer in display for a particular session when you Close a selected Session viewer tab, the data in the selected tab is removed, but the session is not entirely closed until all data viewers for the session are closed.

  • Save As — a File menu item that enables you to save data from live traces and loaded message collections by launching the Save As dialog. For example, after you analyze and manipulate data from a Live Trace Session, or from a Data Retrieval Session where you loaded a collection of messages from one or more data sources, you can save the results of your analysis in one of the Message Analyzer native file formats, as described in Saving Message Data.

    Note  You can also launch the Save As dialog to save your session data by clicking the Save Trace icon in the upper-left corner of the UI. Alternatively, you can specify the keyboard shortcut Ctrl+S to display the Save As dialog.

  • Start Page — a File menu item that contains the following navigation features:

    • News tab — displays announcements such as new blog posts, release news, and other information.

    • Downloads tab — displays a page that enables you to view, auto-sync updates, and download OPN Parser Packages or user Library items, such as Color Rules, Trace Scenarios, Viewers, Viewpoints, Filters, View Layouts, and Sequence Expressions from the default Message Analyzer subscriber feed. As described in Managing Item Collection Downloads and Updates, the features on this page that enable you to exercise these functions consist of the following:

      • All Item Types drop-down — enables you to select the types of items to display in your Message Analyzer feed list.

      • Search box — enables you to locate feed list items by entering search text that filters your feed list items.

      • Sync All Displayed Items button — causes automatic update synchronization of all the default Message Analyzer feed list items. Thereafter, your Message Analyzer installation is synchronized with item collection and OPN Parser package updates from a Microsoft web service, so that you always have the latest versions. However, for this synchronization to take place, your Message Analyzer installation must be set to Online status, as described in the next bullet item.

        Note  You have the option to synchronize Message Analyzer feed list items individually or you can elect to download the current configuration of a particular item and stop receiving updates. You can access these features by clicking the status icons to the right of the feed list items that are displayed on the Downloads page.

      • Online/Offline button — when this button is set to Online, you automatically receive updates to Message Analyzer subscriber feed list items that are set to auto-sync status. When this button is set to Offline, you do not receive updates.

    • Guidance tab — displays a facsimile of the Microsoft Message Analyzer Operating Guide landing page on TechNet, which has an Information Roadmap that is a convenient starting point for navigating the guidance documentation.

    • Settings tab — enables you to view a list of feeds to which you are subscribed, create new feeds for sharing item collections directly with other users, and view which item collections and OPN Parser packages are set to the auto-sync state. You can also manage downloads and auto-syncing from this location.

  • Options — a File menu item that displays the Options page, as described in Setting Message Analyzer Global Options. This page contains the following configuration tabs:

    • General tab — enables you to specify various default global settings for Message Analyzer, as follows:

      • Time Display — provides settings that enable you to specify the time format used by Message Analyzer.

      • Live Trace Message Buffer — provides settings that determine the rate at which packets are dropped when exceeding the buffer limit.

      • Session Viewer — provides a drop-down list that enables you to select the default data viewer for the display of all live trace and saved session data.

      • Text Log Files — provides a drop-down list that enables you to select a predefined default or custom configuration file for parsing text logs.

    • Features tab — provides for selection of preview features that you can enable in Message Analyzer.

    • Decryption tab — provides the controls that allow you to manage decryption certificates, which includes importing and selecting server certificates and specifying passwords that are required to enable Message Analyzer to decrypt traffic that is encrypted with the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security protocols.

  • About — contains versioning, privacy information, and links to guidance and Online Community sites, which include the following:

  • Exit — enables you to gracefully exit the Message Analyzer application. If you have unsaved trace data when you exit, Message Analyzer prompts you to save it.
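As an added example that is not part of this page, the Live Trace Session choices made in the New Session dialog (a message provider, a save location, a bounded capture) can also be scripted with the PEF PowerShell module covered in Automating Tracing Functions with PowerShell; the trace path, buffer size and duration below are constructed values, and the cmdlet and parameter names are assumed to match that module's documentation.

```powershell
# Added example: script a Live Trace Session with the PEF PowerShell module.
# Mirrors the UI configuration described above: one message provider (the same
# Microsoft-Pef-WFP-MessageProvider the Quick Trace "Loopback and Unencrypted
# IPSEC" scenario uses), a save location, and an automatic stop.
# Path, size and duration are constructed values for this example.
Import-Module PEF

# Circular, size-limited buffer saved to disk (.matu) when the session stops.
$TraceSession01 = New-PefTraceSession -Mode Circular -Force `
    -Path "C:\Traces\Trace01.matu" -TotalSize 50 -SaveOnStop

# Attach the message provider, as the Trace Scenario would in the UI.
Add-PefMessageSource -PEFSession $TraceSession01 -Source "Microsoft-Pef-WFP-MessageProvider"

# Stop automatically after 60 seconds instead of waiting on a keypress.
$Trigger01 = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Seconds 60)
Stop-PefTraceSession -PEFSession $TraceSession01 -Trigger $Trigger01

# Start capturing; the saved .matu file can later be loaded with Quick Open.
Start-PefTraceSession -PEFSession $TraceSession01
```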

Home Tab

The Message Analyzer Home tab is the primary data analysis surface, because it provides the interfaces in which you display, manipulate, and analyze Live Trace Session and Data Retrieval Session results. The Home tab contains a Ribbon at the top of the interface that is arranged in sets of commands that group categorically related Message Analyzer functions, for example, the Session, Filter, Customize Fields, and Viewpoints groups. By default, the Session Explorer Tool Window also displays when you select the Home tab, and enables you to navigate among different viewers that are currently displaying session data. The Session Explorer window also enables you to select additional data viewers for any currently displayed session tab, by providing a right-click context menu from where you can select the different viewer types. For example, you could choose the Protocol Dashboard viewer, which has data visualizer components that display various graphical top-level summaries of captured message traffic.

The primary data viewer for Live Trace Session and Data Retrieval Session results on the Message Analyzer Home tab is the Analysis Grid Viewer, which displays by default unless you change the default viewer in the Options dialog or you specifically select a different data viewer when starting a New Session. The Analysis Grid viewer provides a tree grid type display of trace data where message traffic is grouped by top-level message and operation nodes that you can expand or double-click for further details. When you select a message row in the Analysis Grid viewer, detailed information about the message displays in the Details, Message Data, Field Data, and Message Stack Tool Windows, providing that they are open, to facilitate analysis of message fields, values, and stack layer data. Since the Analysis Grid viewer is the main interface that you will use to analyze message traffic, this environment is sometimes referred to in this documentation as an Analysis Session. However, an Analysis Session can also encompass other data viewers in separate session tabs, such as the Protocol Dashboard or Top IP/Ethernet Conversations viewers.

Note  Each New Session that you start with the default Analysis Grid viewer displays on the Home tab as a separate viewer tab. Other data viewers such as SMB File Stats also display in separate viewer tabs.

Charts Tab

From the Message Analyzer Charts tab, you can create or modify Charts that contain graphic visualizer components for data analysis purposes, which includes bar charts, pie charts, timeline graphs in the x-y coordinate domain, and table grids. Message Analyzer provides numerous Chart data viewers by default, for example, the Top TCP/UDP Conversations and Top Talkers viewers. Message Analyzer enables you to create new Charts, or you can modify the default Chart viewers by removing visualizer components and/or adding your own custom components, layouts, and data mappings, as described in Configuring Chart Data Viewers. All the Chart viewers that Message Analyzer provides are described in the Data Viewers section.

The Charts tab provides access to various controls and dialogs that enable you to add new components, remove existing components, and create data mappings for new visualizer components. You can also use the Manage Charts dialog to export Charts, including any that you create, to a remote user file share or other location for sharing with other users. The Manage Charts dialog also enables you to import Charts that others create. In addition, you can share your Charts with others by creating your own custom subscriber feed in the Message Analyzer Sharing Infrastructure, with some current limitations regarding update synchronization on user-configured feeds, as described in Manual Item Update Synchronization.

More Information

To learn more about working with Message Analyzer UI features and functions, see the usage task sections of this documentation:

    Starting a Message Analyzer Session
        Capturing Message Data
        Retrieving Message Data
    Viewing Message Data
    Filtering Message Data
    Saving Message Data
    Automating Tracing Functions with PowerShell
    Managing Message Analyzer Assets
    Extending Message Analyzer Data Viewing Capabilities


© 2015 Microsoft