Была ли эта страница полезной?
Дополнительный отзыв?
1500 символов осталось
Экспорт (0) Печать
Развернуть все
Данное содержимое не доступно на вашем языке, используйте версию на английском языке.

Microsoft Message Analyzer Operating Guide


Message Analyzer Icon

Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic, events, and other system or application messages in network troubleshooting and other diagnostic scenarios. Message Analyzer also enables you to load, aggregate, and analyze data from log and saved trace files. It is the successor to Microsoft Network Monitor 3.4 and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft to improve protocol design, development, implementation testing and verification, documentation, and support. With Message Analyzer, you can choose to capture local and remote traffic live or load archived message collections from multiple data sources simultaneously.

Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree-grid view, interactive tool windows, and other selectable graphical views that employ grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics. Message Analyzer also enables you to configure your own custom data viewer charts.

Quick Links 
Message Analyzer Tutorial — take a detailed tour of Message Analyzer to learn about its capabilities, functions, and features.
Quick Session Startup — start a new Message Analyzer session with a single click.
Procedures: Quick Start — see Message Analyzer in action right now by running several simple procedures.
Message Analyzer Feature Summary — get a quick overview of Message Analyzer features and navigate links to more information.
Feedback — provide feedback on any topic in this Operating Guide.
Important for Network Monitor Users — review information about the differences between Network Monitor and Message Analyzer.

Other Links
Installing and Upgrading Message Analyzer — get a free download and install Message Analyzer on your system.
Participating in Community — review options for participating in various Message Analyzer community venues.
Using TechNet Export — build a customized manual from Message Analyzer Operating Guide topics.

The topics outlined in this section provide a map into the documentation contained in the Message Analyzer Operating Guide. Use this map to quickly navigate to the topics that show you how to get started with Message Analyzer, how to use its basic and more advanced features, and to understand the underlying frameworks on which it is built. At a high level, the map breaks out into the three content spaces that are specified in the following table, within which you will find quick links that point to topics of interest in these spaces:

Content Space



Usage tasks

Review features and functions that you can use to perform various Message Analyzer operations.

Message Analyzer Usage Tasks

Usage procedures

Run procedures to see Message Analyzer in action and quickly familiarize yourself with its capabilities.

Message Analyzer Usage Procedures

Technology concepts

Review conceptual information to understand Message Analyzer features and the underlying technologies upon which they are built.

Message Analyzer Technology Concepts

In this Operating Guide, Message Analyzer guidance is presented in the form of usage tasks. Each task provides some conceptual background with respect to the functions and features you will be working with, discusses how to use the associated UI features, and also includes example procedures to help you walk through various Message Analyzer usage contexts. To proceed directly to the usage tasks presented in this Operating Guide, click a task link below such as Capturing Message Data:

Getting Started with Message Analyzer

See the following topics to learn how to get started with Message Analyzer:

  • Installing and Upgrading Message Analyzer — learn about Message Analyzer installation requirements, options, and other information, which includes upgrades from earlier Message Analyzer release versions, preserving user-created assets from prior installations, window docking layout changes, and security contexts.

  • Message Analyzer Feature Summary — review the main features of Message Analyzer and use the topic links to access more detailed feature descriptions.

  • Quick Session Startup — learn about various methods you can use to very quickly start a new Message Analyzer session with a minimum of clicks.

  • Technology Tutorials — read a tutorial on Message Analyzer functions before you dive into the usage tasks and procedures. Optionally, see the Protocol Engineering Framework (PEF) architecture and Event Tracing for Windows (ETW) framework tutorials to understand the technologies upon which Message Analyzer is built.

  • Message Analyzer Startup Options — review the methods you can use to start Message Analyzer, which includes the arguments and command switches that are available to launch Message Analyzer from the command line.

  • Setting Message Analyzer Global Options — set global options such as default values and settings that can affect Message Analyzer performance, display configurations, or feature activations.

  • Procedures: Quick Start — run several simple procedures to quickly see Message Analyzer in action.

Capturing Message Data

Review the following topics to learn how to configure, start, and edit a Message Analyzer session, or configure a session scenario. Examine various session scenarios that you can employ with multiple data sources, including local and multiple concurrent remote sessions. Discover how to start a session quickly with predefined Trace Scenario configurations, understand the message providers, how to create and save custom Live Trace Session configurations to run on-demand, how to use decryption, and how to enhance capture configurations with filtering and ETW system providers:

  • Starting a Message Analyzer Session — familiarize yourself with the types of sessions you can configure and start with Message Analyzer; also review common steps that you can use to create a basic session.

  • Targeting Live Data as an Input Source — learn about the many different message providers that Message Analyzer uses as a source for live input data. Discusses PEF providers, driver-level filtering techniques, and obtaining provider manifests.

  • Configuring a Live Trace Session — select and configure predefined Trace Scenarios, set predefined Parsing Levels, configure Fast Filters and Session Filters, configure system ETW providers, use advanced session configuration, select data viewers, and more.

  • Built-In Trace Scenarios — review the functions and usage configurations of the built-in Message Analyzer Trace Scenarios in the network, device, system, and file sharing categories.

  • Using the Decryption Feature — specify a server certificate and password to enable decryption and analysis of TLS/SSL encrypted traffic.

  • Selecting Data to Capture — learn how to configure a Live Trace Session to capture specifically targeted data by applying filtering and parsing levels.

  • Capturing Data Remotely — learn how to capture traffic concurrently on multiple remote hosts, which includes traffic on virtual machines that are serviced by a Hyper-V-Switch, along with advanced packet filtering and other special filters.

  • Promiscuous Mode — learn how to capture data in promiscuous mode, if supported by your network adapter.

  • Developing and Managing Trace Scenarios — design a custom capture configuration template, save it as a Trace Scenario, and run it on demand.

  • Editing Existing Sessions — learn how to reconfigure an existing session and apply the changes to existing data.

  • Configuring Session Scenarios with Selected Data Sources — discover how to make use of the flexible session framework with multiple data sources capability that enables you to create Data Retrieval Sessions with multiple data loading configurations or Live Trace Sessions with multiple capture configurations for local and remote tracing.

Retrieving Message Data

View the following topics to learn how to load input data from saved files, filter input data, and present it in a chosen viewer when loading messages through a Message Analyzer Data Retrieval Session:

  • Browse-Select-View Model — learn about the Message Analyzer BSV infrastructure that enables you to browse for multiple data sources, filter or select specific data from those sources, and present results in a viewer of choice for data manipulation and analysis.

  • Targeting Saved Data as an Input Source — browse for and load saved trace data and logs into Message Analyzer. This includes targeting input data from Azure tables and binary large objects (BLOBs).

  • Configuring a Data Retrieval Session — learn how to configure a Data Retrieval Session and make use of such features as Truncated Parsing, Parsing Levels, Decryption, Text log parsing, and more.

  • Selecting Data to Retrieve — use a Session Filter and/or a Time Filter to select specific data that you want to load into Message Analyzer.

  • Selecting a Data Retrieval Session Viewer — learn how to specify a data viewer that displays message data that you load from one or more data sources in a Data Retrieval Session.

  • Loading WPP-Generated Events — learn how to enable parsing of Windows software trace preprocessor (WPP)-generated events in Message Analyzer.

Viewing Message Data

Review the following topics to learn about the different data viewers that Message Analyzer provides, along with some of the capabilities that enable you to manipulate data views:

  • Data Viewer Concepts — review background concepts about the Message Analyzer data viewing infrastructure to learn how data viewers work and interact.

  • Data Viewers — learn about the data viewers that are available for analysis, including how to use the Analysis Grid Viewer and the data manipulation components that are unique to it, such as Color Rules, View Layouts, data Grouping, Find filters, Go To Message searching, and so on. Also discover how to use Chart viewers that provide top-level protocol summary information, and learn about the Pattern Matching viewer, which detects message patterns across a set of trace results.

  • Grouping Viewer — learn about a new viewer that organizes traffic into hierarchical summary groups based on view layouts that contain predefined message field groups, to quickly expose targeted information from large data sets. Also learn how to use a Grouping view layout that correlates IP traffic with process IDs and application names.

  • Session Data Viewer Options — find out how to open various data viewers from multiple locations.

  • Common Data Viewer Features — learn about Message Analyzer data manipulation tools that are common to the Analysis Grid and other viewers, for example, Time Shifts, View Filters, Quick Filters, Aliases, Unions, and Viewpoints.

  • Tool Windows — understand how to use message-specific and session-specific tool windows that provide additional message details or configuration capabilities in Message Analyzer. Also learn about message annotations (Comments and Bookmarks), Diagnostics, Message Stack, Decryption, and other tool windows in this section.

  • Selection Tool Window — review this topic to learn about advanced message selection and tracking capabilities that enhance the scope of message analysis.

  • Redocking Data Viewers and Tool Windows — find out how to enhance your data analysis perspectives and customize your analysis environment by redocking interactive data viewers.

Filtering Message Data

View the following topics to learn about selecting data from a Data Retrieval Session, applying filters to a Live Trace Session to isolate specific data, applying filters to trace results for analysis, using color rules to create conditional alerts in trace results, and understanding the Filtering Language:

  • Filtering Loaded Input Data — apply a Session Filter to isolate specific data from a specified input file/s configuration.

  • Filtering Live Trace Session Data — apply a Fast Filter, Keyword filter, WFP Layer Set filter, Advanced Settings filters, or an HTTP filter at the driver level to a Live Trace Session, or apply a predefined or custom Filter Expression as a Session Filter in the New Session dialog when configuring a Live Trace Session.

  • Filtering Live Trace Session Results — select a filter expression from a common Library of predefined filters and apply it as a View Filter to the results of a Live Trace Session.

  • Writing Filter Expressions — understand the Filtering Language so you can create your own filter expressions.

Saving Message Data

Review the following topics to learn how to save session data, which includes selecting messages to save, specifying the save file format, and using session naming conventions.

  • Saving Session Data — read a quick overview of how to save your message data from a Data Retrieval Session or a Live Trace Session.

  • Selecting Messages to Save — review the options that are available for saving message data.

  • Naming Saved Files — review some naming strategies and other considerations for saving message data.

Automating Tracing Functions with PowerShell

Get a quick overview of the Message Analyzer functions that are enabled for the PowerShell scripting environment, as described in the following topics:

Managing Message Analyzer Assets

Review the following topics to learn about the Message Analyzer Sharing Infrastructure, user Libraries, automatic asset updates, downloading asset collections, and creating user feeds for sharing assets with others:

  • Sharing Infrastructure — learn about the Message Analyzer Sharing Infrastructure; the user Library item collections that enable you to manipulate how data is captured, viewed, and analyzed; and how to manage these user Libraries.

  • Managing Asset Collection Downloads and Updates — find out how to download user Library item collections and how to utilize the auto-sync feature to automatically receive user Library updates that are pushed out by a Microsoft web service.

  • Managing Microsoft OPN Parser Packages — learn how to auto-sync updates to OPN Parser packages and download them from the Microsoft web service.

  • Creating Custom User Feeds — create your own user feeds to which others may subscribe, for mutually sharing Message Analyzer assets with other team members, for example, Filters, Trace Scenarios, Chart viewers, and so on.

  • Sharing Asset Collections on a User File Share — learn how to share user Library item collections directly with other users by exporting/importing collections or items to/from a file share.

Extending Message Analyzer Data Viewing Capabilities

Review the following topics to discover how to create new chart-style data viewers that you can customize with the use of various graphic visualizer components and data formulas, to extend Message Analyzer data viewing capabilities. Also learn how you can edit and customize any predefined Chart data viewer:

  • Configuring Chart Data Viewers — learn how to use the Message Analyzer Chart configuration features. Also learn how to export any of the predefined Charts or any new Chart assets that you create, for sharing with others.

  • Procedures: Using the Chart Configuration Features — perform a procedure that creates an HTTP Content Type data viewer that you can run immediately and save to the Charts Library. Thereafter you can edit the Chart as needed.

If you want to proceed directly to usage procedures that demonstrate Message Analyzer features in the context of the usage tasks contained in this Operating Guide, click a link below:

Procedures: Quick Start — display saved data with the Open feature; start a Live Trace Session; display data quickly from your favorite Trace Scenarios by using the Favorite Scenarios feature on the Message Analyzer File menu or Start Page; load saved data through a Data Retrieval Session; and deploy various viewers, including graphic Charts, to display your data.

Procedures: Using the Network Tracing Features — run a Local Network Interfaces trace that isolates data to a particular network adapter and IPv4 address; perform a Loopback and Unencrypted IPSEC trace with a high-performance, driver-level Fast Filter that is set to capture HTTP traffic from TCP port 80; run a Pre-Encryption for HTTPS trace with driver-level Hostname and Port filters to isolate client and server HTTP message exchanges; capture traffic with a Remote Network Interfaces trace on a virtual machine (VM) that is serviced by a Hyper-V-Switch on a remote Windows 8.1 or Windows Server 2012 R2 host; and design a custom Trace Scenario and run it on demand.

Procedures: Using the Data Retrieval Features — browse for data and create a message collection to load into Message Analyzer; apply a Session Filter to loaded input data to isolate specific messages that you want to work with; display saved trace data in different viewers; use the Recent Files feature to display saved trace data to resume previous work; load data from multiple sources and save it as a single message collection; and apply a Time Filter to data being loaded into Message Analyzer.

Procedures: Using the Data Viewing Features — learn how to apply gradient-style Color Rules or a predefined View Layout; execute Group commands to group data and streamline message analysis; use the graphic visualizer components of the Protocol Dashboard to analyze top-level summary data such as top bandwidth consumption and message activity within a specified time window; analyze data with the interactive features of the Protocol Dashboard and Analysis Grid viewers; apply Quick Filters and Viewpoints; configure friendly Aliases for field values; create Unions of two or more message fields; and drive the display of various message details through Analysis Grid viewer and tool window interactions.

Procedures: Using the Data Filtering Features — create and apply filters to the data loading process, live captures, and trace results data to address and solve commonly encountered, real-world issues; create color rules to serve as an alert when certain message types, states, or values are present in a displayed message set, for example, TCP diagnostic information and SMB error status.

Procedures: Using the Asset Management Features — perform procedures that demonstrate how to manage user Library items and share them with others, or download and update Library item collections from the default Message Analyzer subscriber feed.

Procedures: Using the Chart Configuration Features — walk through a procedure that shows you how to create a working Chart that presents a visualization of HTTP content type volumes, to provide an indication of web server loads.

If you want to expand your knowledge of the technologies upon which Message Analyzer is built, click the links below:

Technology Tutorials — get an overview of Message Analyzer functions and technology concepts, and learn about the PEF architecture and ETW framework components that support them:

Message Analyzer Tutorial
PEF Architecture Tutorial
ETW Framework Tutorial

Была ли вам полезна эта информация?
(1500 символов осталось)
Спасибо за ваш отзыв

Добавления сообщества

© 2015 Microsoft