Microsoft Message Analyzer (v1.3) is the current versioned tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. Message Analyzer also enables you to import, aggregate, and analyze data from log and trace files. It is the successor to Microsoft Network Monitor 3.4 and Message Analyzer v1.2. Message Analyzer is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can choose to capture data live or load archived message collections from multiple data sources simultaneously.
Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view and other selectable graphical views that employ grids, charts, and timeline visualizer components which provide high-level data summaries and other statistics. It also enables you to configure your own custom data viewers. In addition, Message Analyzer is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.
- Updated Protocols: TCP, HTTP, LDAP, RDPBCGR, KerberosV5, MSRPCE, IMAP, RPCH, TLS, SSL, TDS, TSGU, SIP, LPR, NNTP, TURN, POP3, SMTP, MPA, FTP, iSCSI, NBTNS, NBTSS, SOCKS, SunRPC, SMB2, RSVD
- New Windows 10 Protocols: SQOS, RNAS
- Other New Protocols: CSSP, NetFlow, IPFIX, RDPEFS, RDPERP, RDPESC, SCMR
Fiddler .SAZ – You can now open .SAZ files from Fiddler directly and correlate Fiddler traffic with network traces, ETLs, and log files.
Viewpoint Improvements – Viewpoint has been split out into a separate tool to centralize its functionality in one place, including the hiding of Operations. A View Filter is now applied before Viewpoints, so that you can drill down with a filter, change your Viewpoint, and still see all the data based on the high-level View Filter. You can also apply a new Viewpoint Filter that is relative to the currently applied Viewpoint, which works like the previous view filter behavior.
GZIP decompression – Message Analyzer can now automatically decompress HTTP payloads that have been compressed using GZIP.
Decryption Improvements – Support for TLS-decrypted protocols like RDP, TDS and LDAP. We’ve also improved some of the error messages reported by the Decryption tool window.
Parser and Text Log Updates – New protocol parsers like SRVS, RDWR, WSH, EVEN, and many more. Updates to the Netlogon parser and the addition of log file parsers for Lync, SCCM (System Center Configuration Manager), ULS (SharePoint), and VMM (Virtual Machine Manager) logs.
Message Analyzer can now retrieve data in new ways. Analyze each source individually or combine it with other data:
- SQL/Azure – Open SQL and Azure Tables and import that data to correlate against other information. Import Azure Blob data as well.
- PowerShell – Execute a PowerShell command and retrieve the resulting data. For instance, enter “dir” as a script, which maps to the Get-ChildItem cmdlet. This will show you the results in the Analysis Grid.
- Event Logs – Directly open local or remote event logs into a static session.
Go To Message (Ctrl+G) – Allows you to go to a message by entering a message number in the Go To Message dialog. If you have a single data source loaded, the first message in that source that matches your entry will be found. When there is more than one data source loaded you can select a specific data source in which to search for a message, or you can search across all sources.