Message #Analyzer #Beta 3 Released (build 6211)! #TEE13 #MA

The new Message Analyzer Beta 3 is available on the Connect site.

You have to sign in and join our site on After creating an account on Connect, you can join our site by looking in the Directory.


New Features

In addition to the new functionality, performance is improved and the memory footprint is reduced. Here is a list of the new feature highlights.

Centralized Sharing Infrastructure — users can now utilize the new Message Analyzer sharing infrastructure to create Library items as shareable assets that you can import, export and share with others. Manageable asset types include Trace Scenarios, Filters, Viewpoints, Color Rules, Column Layouts, and Sequence Expressions.


User Libraries — the above assets are available under centralized User Libraries.

Home tab — includes new Ribbon reorganization and enhancements that include the following features:

Viewpoints — specify preset viewpoints so you can view data from the perspective of a protocol, in addition to hiding operations in the current view and resetting the default viewpoint.

Chart tab — enables you to create, edit, save, and share your own Composite Chart viewers that can contain custom-configured pie, bar, timeline, and grid chart components, similar to the built-in Protocol Dashboard.

Time Shifts — specify time shifts that adjust for machine skew or time zone changes across traces.

There is more new stuff. I like the charts. Check out the tool!


There is a TechNet forum for Message Analyzer. If you have problems, this is the place to be.

Microsoft Message Analyzer


Microsoft Message Analyzer Usage Scenario Guidance

The installation of #MMA is easy, in just a few steps.

Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic. It is the successor to Microsoft Network Monitor 3.x and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can capture live data or retrieve archived message collections from saved files such as traces and logs. Message Analyzer also enables you to display data in a default tree grid view and in selectable graphical views that employ grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics.

More info : Microsoft Message Analyzer Usage Scenario Guidance


After the installation no reboot is required; it is ready to start.



The Welcome screen is nice, and direct links to the blog, the forum, or other help pages are there.


Sample filters, including SMB filters, are there. If you want to capture the traffic, extra options can be set.



Firewall options are all there





· IntelliSense UI for filter creation – As one of the most requested features, Filter IntelliSense is now available for exploring protocol message hierarchies to find the fields you need to build filter expressions. The capabilities are vastly improved compared to Network Monitor, now displaying protocols, messages, fields, structures, properties, annotations and more!


· Quick filter – Quick filtering makes it easy to create a time window in which to view trace results!   Unlike BSV, it filters messages in memory after loading them instead of during import.  Just select the traces you want, adjust the time slider as needed, and you are done.  It’s that easy.


· Capture firewall discard events – This feature allows you to discover how the firewall is affecting network traffic.  New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible for dropping the message.

· OPN Viewer – You can right click on any field and select Go to Definition to view the field’s OPN definition.  This feature provides the equivalent functionality of the NPL Viewer in Network Monitor 3.4.


· Parsing REST Protocols – This feature enables you to diagnose and analyze RESTful web services.  RESTful web services are one of the fastest growing network areas.

· Performance improvements:

o Message Analyzer startup time has improved by over 50%.

o Sorting on selected column has improved by 60%.

o Grouping has improved by 30%

o Parsing after the initial load has improved by up to 15%, depending upon the protocol type.

Message Analyzer also presents exciting graphic viewer features that are still under development, but we would like to share them with you now to get your initial feedback:

· Gantt viewer – Do you need to see a bird’s eye view of your message traffic?  Message Analyzer now includes a highly customizable Gantt Viewer that provides easy-to-use navigation, zooming, and the ability to drill down into further details, as necessary.


· Console viewer – provides an interactive command-line interface for filtering, sorting, grouping, and viewing message collections.

Microsoft Message Analyzer #MMA Microsoft Network Monitor


Microsoft Message Analyzer

Meet the successor to Microsoft Network Monitor!

Microsoft Message Analyzer has been released to the public.

As you might guess from the name, Message Analyzer is much more than a network sniffer or packet tracing tool. Key capabilities include:

• Integrated "live" event and message capture at various system levels and endpoints

• Parsing and validation of protocol messages and sequences

• Automatic parsing of event messages described by ETW manifests

• Summarized grid display – top level is “operations”, (requests matched with responses)

• User controlled "on the fly" grouping by message attributes

• Ability to browse for logs of different types (.cap, .etl, .txt) and import them together

• Automatic re-assembly and ability to render payloads

• Ability to import text logs, parsing them into key element/value pairs

• Support for “Trace Scenarios” (one or more message providers, filters, and views)

(To capture at the NDIS and Firewall layers without running as admin, you must log off and back on after installation to pick up the necessary credentials. Please do this!)

Powerful, extensible viewing and analysis


• Browse, Select, View

• Browse for messages from various sources (live, or stored)

• Select a set of messages from those sources by characteristic(s)

• View messages in a provided viewer, configure or build your own

• A new high-level grid view

• High level “Operations” view with automatic re-assembly

• “Bubbling up” of errors in the stack to the top level

• Ability to drill down the stack to underlying messages and/or packets

• On the fly grouping, filtering, finding, or sorting by any message property

• Payload rendering

• Validation of message structures, behavior, and architecture

• Does the protocol comply with the specifications?